Akira Ransomware Group Attacks Australia and Brazil
Akira ransomware group has recently targeted two major companies, Goiasa, dealing in renewable energy from Brazil, and MSD Information Technology from Australia. It’s unclear whether the victims paid the ransom.
- Akira posted some brief information about the attacks shortly after they happened
- The organization apparently secured up to 47 GB of confidential data, including operation details, client info, financial docs and much more
- It appears as if the Australian target refused to pay the ransom, as Akira announced that they will soon publish the data they’ve collected
- Akira is a newcomer in the ransomware business, emerging in March of 2023, but becoming very popular very quickly
The recent attacks are the latest in a growing string of operations, as Akira now qualifies as one of the fastest-growing cybercrime organizations. The attacks were meant to primarily steal the victims’ data to blackmail the organizations for money.
If they refuse, Akira would publish the sensitive information or sell it on the dark web to the highest bidder. According to the preliminary evidence, MSD Information Technology refused to pay the ransom.
The attacks fall in line with Akira’s preferred operation method. The organization targets larger institutions, state-owned and private, looking to extort large sums of money. The ransom typically varies between $200,000 and, in some cases, over $4 million.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
Who is Akira?
Akira ranks among the most recent threat actors with an impressive surge in popularity and activity. The organization focuses on extorting high-profile targets, usually demanding hefty ransoms. Regarding the group’s identity or roots, opinions are divided.
The most popular theory is that Akira is the successor of the now-defunct Conti ransomware organization. Conti is also a successor of Ryuki, a popular cyberthreat organization that was highly targeted by the authorities and had to dissolve as a result.
Akira shares a lot of similarities with Conti, starting with the MO and ending with the source code. Akira also shares its name with the famous Akira ransomware family that died out in 2017. The two use the same file extension, but that’s the only thing they share.
Interestingly, Akira relies on a double extortion method and provide victims with one of two options. The victim either pays for file decryption or data deletion. Or both. But the price for the latter is greatly increased.
If the victim refuses to pay for the data deletion, Akira will encrypt the data so that the victim regains control over it. But the group will retain the cloned data anyway, which often forces the victim to pay for deleting it as well.