Intel Name: Akira ransomware continues to evolve
Date of Scan: October 23, 2024
Impact: High
Summary: Akira continues to establish itself as one of the most significant ransomware operations, as highlighted by Cisco Talos’ findings. Their ongoing evolution contributes to their success; after releasing a new version of their encryptor earlier this year, they have introduced another iteration that targets both Windows and Linux systems. Initially, Akira used a double-extortion method, exfiltrating critical data before encrypting victim systems. However, since early 2024, they have shifted focus solely to data exfiltration, likely allowing time to enhance their encryptor while also developing a Rust variant of their ESXi encryptor.