Reportseverity: High2023-03-01
Akira ransomware operation emerges, targeting Windows environments
published by MITRE ATT&CK
Actor
Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…
Summary
Akira ransomware activity first observed in March 2023, initially targeting Windows systems with a C++ encryptor that appends a .akira extension. Akira operates as a double-extortion crew and is tracked by industry as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, with code overlap suggesting links to the defunct Conti operation.
Tags
ransomwaredouble-extortionconti-lineage