Intel Name: Updates to Akira ransomware codebase
Date of Scan: September 17, 2024
Impact: High
Summary: We’ve recently noted changes in the Akira ransomware codebase. The ransomware now uses open-source crypto libraries for key import and data encryption instead of an API. The addition of KCipher2 alongside ChaCha20 is unusual, and metadata is now fully encrypted with RSA rather than partially. An autosave feature creates temporary .arika files during runtime, which, despite being deleted, can help in identifying Akira ransomware.
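Because the temporary .arika files are deleted, a disk sweep after the fact can miss them, while file-event telemetry still records their creation. The following added example (not part of the original record) sweeps file create/delete events for that extension and summarises them per process. The log format, field names and sample events are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample telemetry, one JSON object per line. Field names
# (host, pid, image, action, path) are assumptions for this example.
SAMPLE_EVENTS = r"""
{"host":"ws01","pid":4120,"image":"C:\\Temp\\w.exe","action":"create","path":"D:\\share\\q3.xlsx.arika"}
{"host":"ws01","pid":4120,"image":"C:\\Temp\\w.exe","action":"delete","path":"D:\\share\\q3.xlsx.arika"}
{"host":"ws01","pid":4120,"image":"C:\\Temp\\w.exe","action":"create","path":"D:\\share\\db.bak.ARIKA"}
{"host":"ws02","pid":880,"image":"C:\\Windows\\explorer.exe","action":"create","path":"C:\\Users\\a\\note.tmp"}
{"host":"ws02","pid":880,"image":"C:\\Windows\\explorer.exe","action":"delete","path":"C:\\Users\\a\\note.tmp"}
"""

def find_arika_activity(log_text, suffix=".arika"):
    """Return {(host, pid): summary} for processes that touched *.arika files."""
    hits = defaultdict(lambda: {"image": None, "created": set(), "deleted": set()})
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the sweep
        path = str(ev.get("path", "")).lower()  # extension match is case-insensitive
        if not path.endswith(suffix):
            continue
        rec = hits[(ev.get("host"), ev.get("pid"))]
        rec["image"] = ev.get("image")
        if ev.get("action") == "create":
            rec["created"].add(path)
        elif ev.get("action") == "delete":
            rec["deleted"].add(path)
    report = {}
    for key, rec in hits.items():
        report[key] = {
            "image": rec["image"],
            "created": len(rec["created"]),
            # created and also deleted: the short-lived files the summary describes
            "transient": len(rec["created"] & rec["deleted"]),
            # created with no delete event seen in this log window
            "leftover": sorted(rec["created"] - rec["deleted"]),
        }
    return report

if __name__ == "__main__":
    for (host, pid), info in find_arika_activity(SAMPLE_EVENTS).items():
        print(host, pid, info)
```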