The Cybersecurity and Infrastructure Security Agency and its U.S. and international partners have released a joint cybersecurity advisory, or CSA, warning organizations against the Akira ransomware that has targeted critical infrastructure entities in North America, Europe and Australia.
The CSA outlines known tactics, techniques and procedures used by Akira ransomware operators and indicators of compromise to help organizations respond to ransomware attacks, CISA said Thursday.
According to the advisory, Akira threat actors have deployed a Linux variant targeting VMware ESXi virtual machines after initially focusing on Windows systems.
As of January, the ransomware group has targeted more than 250 organizations and gained approximately $42 million in ransomware proceeds.
In August 2023, Akira attacks started using Megazord, using Rust-based code, and Akira ransomware written in C++ and encrypted files.
CISA and its partners encourage organizations to implement the mitigations outlined in the CSA to reduce the impact of Akira ransomware attacks.
