Howling Scorpius (Akira Ransomware)
Dec. 3, 2024, 4:54 p.m.
Description
Howling Scorpius, the entity behind Akira ransomware-as-a-service, has become one of the top five most active ransomware groups since emerging in early 2023. They target small to medium-sized businesses across various sectors in North America, Europe, and Australia using a double extortion strategy. The group operates Windows and Linux/ESXi encryptors, and is actively enhancing its toolkit. Their tactics include exploiting vulnerable VPN services, using valid accounts from dark web brokers, targeting RDP, and conducting spear-phishing campaigns. They employ tools like Mimikatz and LaZagne for credential access, and use WinRAR, WinSCP, RClone, and FileZilla for data exfiltration. The group has also introduced new variants like Megazord and Akira v2, demonstrating ongoing development efforts.
Tags
Date
- Created: Dec. 3, 2024, 4:35 p.m.
- Published: Dec. 3, 2024, 4:35 p.m.
- Modified: Dec. 3, 2024, 4:54 p.m.
Linked vulnerabilities
Indicators
Attack Patterns
- Akira - S1129
- Megazord
- Howling Scorpius
- T1003.003
- T1558.003
- T1021.002
- T1021.001
- T1490
- T1018
- T1070.004
- T1562.001
- T1489
- T1486
- T1016
- T1082
- T1057
- T1053
- T1566
- T1190
- T1078
- T1003
- CVE-2024-0012
- CVE-2024-9474
- CVE-2023-20269
- CVE-2020-3259
Additional Information
- Pharmaceuticals
- Consulting
- Technology
- Education
- Telecommunications
- Government
- Manufacturing
- Australia
- Canada
- United States of America