Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims' files after a break from the typical double extortion tactics. That's according to James Nutland and Michael Szeliga, security researchers at Cisco Talos, who noted that the decision to revert to old ways is a sign the group is looking for greater stability and efficiency from its affiliate program.
The payload was updated - it's not a carbon copy of the first - but it's largely similar and appears to show a deliberate consolidation of the group's tools. After pivoting from the first Akira payload in late 2023, the group was using two different encryptors, the Megazord variant for Windows and the Rust-based Akira v2 for Linux. The exploration of the Rust programming language in recent Linux encryptors signals the threat actor's willingness to experiment with different coding frameworks, potentially leading to more developed and resilient ransomware variants.