
The Akira Extortion Group Targets Business Networks Globally

By Esme Greene

Jul 1, 2023

In the past few months, a new cybercriminal group going by the name of Akira has been breaking into business networks all over the world, encrypting data, and demanding ransom payments of up to several million dollars.

Representatives of Akira claim that since March of this year, attacks have been carried out against sixteen businesses across a variety of sectors, including education, banking, real estate, manufacturing, and consultancy.

What the Malware is Capable of

A ransomware strain with the same name existed in 2017, but it seems doubtful that the two operations are connected. The Akira ransomware sample, discovered by MalwareHunterTeam, deletes Windows shadow copies on the device during startup. When encrypting files, it skips some system folders such as “Recycle Bin,” “System Volume Information,” “Boot,” “ProgramData,” and “Windows.”

The malware can also stop system processes or services that could obstruct encryption, and it avoids encrypting Windows system files with the extensions “.exe,” “.lnk,” “.dll,” “.msi,” and “.sys.” It appends the “.akira” suffix to every file it encrypts. For instance, “Report.doc” will become “Report.doc.akira” after being encrypted.

When the attackers get hold of a Windows domain administrator’s login credentials, they also spread the ransomware across the business network, infecting all connected devices. Like many other ransomware groups, they steal company data before the actual encryption process to use as additional leverage.

Following encryption, the ransomware drops an “akira_readme.txt” ransom note into each folder on the machine. The note explains what happened to the victim’s files and directs the victim to the group’s data leak site, where a unique ID and password can be used to start a chat with the attackers.
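The two file-system indicators described above, the “.akira” suffix and the “akira_readme.txt” note, are enough to map which folders on a host or file share were hit. The following Python is an added example for incident triage, not code from the article or its sources; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators taken from the article text above.
NOTE_NAME = "akira_readme.txt"
ENC_SUFFIX = ".akira"

def scan_tree(root):
    """Walk root and return {directory: {"note": bool, "encrypted": [original names]}}
    for every directory holding a ransom note or a file with the .akira suffix."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        note = False
        encrypted = []
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                note = True
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # "Report.doc.akira" -> "Report.doc"
                encrypted.append(name[:-len(ENC_SUFFIX)])
        if note or encrypted:
            findings[os.path.relpath(dirpath, root)] = {
                "note": note, "encrypted": sorted(encrypted)}
    return findings

def summarize(findings):
    """Count affected directories, ransom notes and encrypted files."""
    return {
        "dirs": len(findings),
        "notes": sum(f["note"] for f in findings.values()),
        "files": sum(len(f["encrypted"]) for f in findings.values()),
    }

def build_sample_tree(root):
    """Constructed sample data: empty files named like the article's example."""
    layout = {
        "finance": ["Report.doc.akira", "Budget.xlsx.AKIRA", "akira_readme.txt"],
        "tools": ["setup.exe", "notes.txt"],  # untouched directory
        os.path.join("finance", "old"): ["akira_readme.txt"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(result, summarize(result))
```

A directory that contains the note but no “.akira” files, like the constructed `finance/old` folder, is still reported, since the article says the note is written to every folder.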

In their message, the attackers write that if no agreement is reached over the stolen material, they will attempt to sell the victim’s personal information, trade secrets, databases, source code, or other valuable information on the black market, and will then post all the data on their site. The Akira group spent a lot of time and work creating their data leak website, giving it a vintage appearance and making it operate like a terminal interface.
