Akira Begins March With 2 Victims
Akira’s new victims are the Gansevoort Hotel from the US and the Canadian CoreData. The organization has been on a roll lately, increasing its activity considerably during 2023.
- Akira posted evidence of the attacks on its public platform
- The hackers detailed some of the data they’ve managed to steal, including confidential client information, financial sheets, and even passports and driver’s licenses
- Akira’s cybercriminal operations usually lead to considerable data leaks, especially in the case of high-value targets
- Ever since October of 2023, Akira has been under constant fire from the FBI and CISA
The organization is currently under scrutiny from law enforcement agencies looking to crack into its operations. So far, Akira has been proven to be an impenetrable target due to its elusiveness and advanced defenses.
As is typically the case with Akira attacks, the victims haven’t received any details regarding the value of the ransom. That is to be negotiated later on. The attackers only provided instructions regarding the communications channel and date.
Once contact is made, Akira representatives will discuss the ransom and the terms of payment. To be noted, the hackers guarantee the confidentiality of the discussions.
More importantly, Akira is known to require substantial ransoms, usually because of the double-extortion method. This means that the victim needs to negotiate for the deletion of the data and the decryption key.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Akira’s Cybercriminal Profile
Akira is a relatively young ransomware actor with less than 2 years of activity. However, it’s also among the most advanced and sophisticated as well. Which makes it notoriously difficult to crack.
Akira got its name from a 1988 anime and also borrowed the movie’s cyberpunk aesthetics for its website. The organization also appears to favor US-based victims, although it has hit targets across the ocean as well.
When it comes to the preferred industries, Akira appears to be a jack of all trades. They always follow the money, which often brings them into the service & goods sector, as well as manufacturing, education, and construction.
When it comes to the general MO, Akira uses multiple strategies. Most importantly, it leverages a variety of tools to exploit the victim’s vulnerabilities. These include, but are not limited to:
- BoodHound – Retrieve information from Active Directory
- GMER – Detect and remove rootkits
- IOBIT – Disable the anti-virus
- Cobalt Strike – Assist with file execution
- WinRAR – Pack and exfiltrate data more easily
- Microsoft Nltest – Initiate network discovery
These are just a sample of the total number of tools that the group will use during infiltration. Experts warn that Akira is a highly sophisticated attacker who rarely makes mistakes. A robust and multi-layered defense system is necessary to ensure maximum protection.
It is recommended to rely on professionals in this sense, especially if you fit Akira’s victim profile. Even if you are tech-savvy, it’s always better to rely on actual experts to patch your vulnerabilities.
Akira’s activity has been on a downward trend during the second half of 2023, but things appear to change for 2024. Experts use Akira’s new attacks as a wake-up call to raise awareness about the organization’s potential.