threatintel
actor tracker
Akira
Advisoryseverity: High2024-04-18

FBI, CISA, Europol, NCSC-NL issue joint #StopRansomware advisory on Akira

published by CISA
Actor
Akira?? · UnknownRansomware

Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…

Summary

FBI, CISA, the Europol European Cybercrime Centre, and the Netherlands' National Cyber Security Centre published the first joint #StopRansomware advisory on Akira (AA24-109A), detailing initial-access TTPs against Cisco VPN appliances without MFA (CVE-2020-3259, CVE-2023-20269), Megazord and Akira_v2 tradecraft, and a multi-page IOC table covering encryptor hashes and supporting tooling.

Tags

advisorystopransomwarecisco-vpn

Primary source

cisa.gov

Other Akira events