Today > | 7 High | 23 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Akira ransomware continues to evolve

Oct. 22, 2024, 9:57 a.m.

Description

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned to previous encryption methods combined with data theft. They exploit various vulnerabilities for initial access and lateral movement, targeting sectors like manufacturing and professional services. The ransomware now uses ChaCha8 cipher for faster encryption. Akira is likely to continue prioritizing high-impact CVEs and attacks against VMware ESXi and Linux environments, adapting their techniques to maintain operational stability and effectiveness.

Date

Published: Oct. 22, 2024, 9:43 a.m.

Created: Oct. 22, 2024, 9:43 a.m.

Modified: Oct. 22, 2024, 9:57 a.m.

Indicators

e3fa93dad8fb8c3a6d9b35d02ce97c22035b409e0efc9f04372f4c1d6280a481

ccda8247360a85b6c076527e438a995757b6cdf5530f38e125915d31291c00d5

dfe6fddc67bdc93b9947430b966da2877fda094edf3e21e6f0ba98a84bc53198

c0c0b2306d31e8962973a22e50b18dfde852c6ddf99baf849e3384ed9f07a0d6

bcae978c17bcddc0bf6419ae978e3471197801c36f73cff2fc88cecbe3d88d1a

b55fbe9358dd4b5825ce459e84cd0823ecdf7b64550fe1af968306047b7de5c9

abba655df92e99a15ddcde1d196ff4393a13dbff293e45f5375a2f61c84a2c7b

a6b0847cf31ccc3f76538333498f8fef79d444a9d4ecfca0592861cf731ae6cb

a546ef13e8a71a8b5f0803075382eb0311d0d8dbae3f08bac0b2f4250af8add0

9f393516edf6b8e011df6ee991758480c5b99a0efbfd68347786061f0e04426c

95477703e789e6182096a09bc98853e0a70b680a4f19fa2bf86cbb9280e8ec5a

8e9a33809b9062c5033928f82e8adacbef6cd7b40e73da9fcf13ec2493b4544c

88da2b1cee373d5f11949c1ade22af0badf16591a871978a9e02f70480e547b2

8816caf03438cd45d7559961bf36a26f26464bab7a6339ce655b7fbad68bb439

78d75669390e4177597faf9271ce3ad3a16a3652e145913dbfa9a5951972fcb0

68d5944d0419bd123add4e628c985f9cbe5362ee19597773baea565bff1a6f1a

6005dcbe15d60293c556f05e98ed9a46d398a82e5ca4d00c91ebec68a209ea84

566ef5484da0a93c87dd0cb0a950a7cff4ab013175289cd5fccf9dd7ea430739

43c5a487329f5d6b4a6d02e2f8ef62744b850312c5cb87c0a414f3830767be72

3805f299d33ef43d17a5a1040149f0e5e2d5db57ec6f03c5687ac23db1f77a30

2f629395fdfa11e713ea8bf11d40f6f240acf2f5fcf9a2ac50b6f7fbc7521c83

2c7aeac07ce7f03b74952e0e243bd52f2bfa60fadc92dd71a6a1fee2d14cdd77

28cea00267fa30fb63e80a3c3b193bd9cd2a3d46dd9ae6cede5f932ac15c7e2e

0ee1d284ed663073872012c7bde7fac5ca1121403f1a5d2d5411317df282796c

988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42

87b4020bcd3fad1f5711e6801ca269ef5852256eeaf350f4dde2dc46c576262d

9585af44c3ff8fd921c713680b0c2b3bbc9d56add848ed62164f7c9b9f23d065

7f731cc11f8e4d249142e99a44b9da7a48505ce32c4ee4881041beeddb3760be

3298d203c2acb68c474e5fdad8379181890b4403d6491c523c13730129be3f75

131da83b521f610819141d5c740313ce46578374abb22ef504a7593955a65f07

c9c94ac5e1991a7db42c7973e328fceeb6f163d9f644031bdfd4123c7b3898b0

0c0e0f9b09b80d87ebc88e2870907b6cacb4cd7703584baf8f2be1fd9438696d

678ec8734367c7547794a604cc65e74a0f42320d85a6dce20c214e3b4536bb33

6cadab96185dbe6f3a7b95cf2f97d6ac395785607baa6ed7bf363deeb59cc360

1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc

3c92bfc71004340ebc00146ced294bc94f49f6a5e212016ac05e7d10fcb3312c

5c62626731856fb5e669473b39ac3deb0052b32981863f8cf697ae01c80512e5

Attack Patterns

Megazord

Akira

Akira

T1021.001

T1490

T1059.001

T1070.004

T1562.001

T1486

T1082

T1083

T1210

T1027

T1112

T1566

T1190

T1133

T1078

T1003

CVE-2024-40711

CVE-2024-40766

CVE-2024-37085

CVE-2023-27532

CVE-2023-48788

CVE-2023-20269

CVE-2023-20263

CVE-2020-3259

Additional Informations

Professional Services

Manufacturing