Reportseverity: High2023-08-01
Akira begins deploying Rust-based 'Megazord' encryptor
published by CISA
Actor
Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…
Summary
Beginning in August 2023, Akira intrusions started deploying a secondary encryptor written in Rust and tracked as Megazord, which appends a .powerranges extension. Akira affiliates have continued to use the original C++ Akira encryptor, Megazord, and Akira_v2 interchangeably across campaigns.
Tags
ransomwarerustmegazord
Primary source
cisa.govOther Akira events
- 2025-11-13Updated joint advisory: Akira tied to ~$244M in proceeds, now hitting Nutanix AHV
- 2024-04-18FBI, CISA, Europol, NCSC-NL issue joint #StopRansomware advisory on Akira
- 2023-04-01Akira deploys Linux variant targeting VMware ESXi
- 2023-03-01Akira ransomware operation emerges, targeting Windows environments