A group that has remained in the shadows of the giants of ransomware attacks, but which has now shown itself to be a well-structured and accurate attacker, the Akira ransomware.
The group was first spotted in March 2023 and since then it has been constantly attacking, but unlike the big ransomware, Akira has focused its attacks on medium-sized and small companies, mostly located in France, but the biggest companies it has attacked are based in the United States.
The group made its attacks more robust by exploiting vulnerabilities in the Cisco VPN. Through this access, the group had access to the company’s internal network and was able to move laterally throughout the system, mapping files to be encrypted.
After identifying the exploitation of vulnerabilities in its VPN, Cisco released an update and notified its users of the vulnerability. After that, the group updated its ransomware and added a Linux encryptor to target VMware ESXi virtual machines, which shows a clear evolution of Akira.
The group uses the RaaS (Ransomware as a Service) strategy, this tactic consists of selling the malware to smaller groups or malicious users, the group maintains certain rules to target its affiliates. This tactic is used by numerous groups, benefiting the group’s growth and reputation.
Akira uses the ChaCha20 encryption algorithm. This algorithm generates a key for decrypting files, which is then encrypted by the RSA algorithm. The group therefore uses two layers of encryption. The encrypted files are given the .akira extension.
In addition to encrypting the data, the group extracts sensitive files for the victim and sets a date for payment of the ransom, if the payment is not made by the set date the stolen files are released.
But even though there is all this pressure to pay the ransom, it is not recommended under any circumstances. There is no guarantee that the decryption key will be delivered after payment.
So look for other ways to recover your encrypted data, such as backups if they haven’t been encrypted either. But if restoring your data through backups is not possible, seek the help of data recovery professionals who can decrypt the Akira ransomware, such as Digital Recovery. They will be able to help you decrypt the encrypted files.
Decrypt Akira Ransomware
Digital Recovery has exclusive technologies for decrypting Akira ransomware. We have extensive technical expertise and state-of-the-art tools. We can decrypt files in databases, virtual machines, RAID systems, storages and more.
All of our solutions are proprietary and have been developed on the basis of the General Data Protection Regulation (GDPR), so we offer total security that the processes are safe.
A non-disclosure agreement (NDA) is also made available to all clients, ensuring confidentiality throughout the process. However, if you are interested in using an NDA developed by your company, we are willing to analyse it with our legal department and agree to it.
Our solutions can be executed remotely, which drastically reduces the time it takes to decrypt the data. For cases of extreme need, we have developed emergency recovery mode, in which case our laboratories operate with 24×7 availability.
Count on our solutions and professionals to decrypt Akira ransomware.
