Cyber Threat Report: 'AA24-109A StopRansomware: Akira Ransomware'

Report Author: CISA
Publication Date: 2024-04-18
Original Reporting Source:
Related Intrusion Sets: Akira Ransomware Group
Identified CVEs: CVE-2020-3259, CVE-2023-20269

This is a joint #StopRansomware advisory issued by CISA and partners covering Akira ransomware attacks. According to the report, the group has impacted over 250 organizations and taken approximately $42 million in ransom payments. Early versions of the Akira ransomware were written in C++ and used the '.akira' extension, while more recent attacks linked to the group use 'Megazord', which is written in Rust and uses a '.powerranges' extension. The advisory outlines the tactics, techniques and procedures used by the group and provides recommended mitigations for network defenders. The publishers also recommend validating implemented security controls by testing them against the techniques outlined in the report.
