TLDR
- Akira ransomware group collected $42 million in payments from over 250 organizations in the last year.
- Akira is now targeting Linux servers in addition to Windows machines.
The Akira ransomware group has successfully collected $42 million in ransom payments from more than 250 organizations over the past year, as revealed in a joint advisory from leading cybersecurity agencies in Europe and the United States. The advisory, released by CISA, FBI, Europol, and the National Cyber Security Centre in the Netherlands, highlighted Akira’s shift towards targeting Linux servers in addition to Windows systems.
The evolution of Akira’s tactics, such as deploying Rust-based code like Megazord and Akira_v2, has helped them expand their reach to virtual machines. The group’s focus on Linux servers can be attributed to the widespread use of Linux in server functions across various industries. Threat actors are adapting to target Linux infrastructure in critical sectors like finance, healthcare, and government, exploiting the open-source nature of Linux to analyze vulnerabilities more easily.
Security experts emphasize the importance of robust cybersecurity measures such as timely patching, network segmentation, and comprehensive backup strategies to mitigate the risk posed by ransomware threats like Akira. By understanding the tactics, techniques, and procedures employed by Akira ransomware, organizations can enhance their defenses against evolving threats in the cybersecurity landscape.