FBI: Bitcoin ransomware Akira stole $42 million from more than 250 companies

The US Federal Bureau of Investigation has discovered a group responsible for the development of a ransomware program codenamed Akira, which carries out attacks on enterprises and critical infrastructure in North America, Europe and Australia.
Ransomware is a type of malware designed for extortion. It blocks access to a computer system or prevents data stored on it from being read (often using encryption methods), and then demands a ransom from the victim, often in cryptocurrencies, to restore the system to its original state.
Over the past year, a ransomware group known as Akira has infiltrated the systems of more than 250 organizations and made an estimated $42 million in profit, according to the world's leading cybersecurity agencies.

Investigations conducted by the US Federal Bureau of Investigation (FBI) show that Akira ransomware has been targeting businesses and critical infrastructure in North America, Europe and Australia since March 2023. It initially targeted Windows systems, but the FBI recently discovered a Linux version called Linux Akira.

Akira interface example

The Joint Cybersecurity Advisory (CSA) issued by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), Europol's European Cybercrime Center (EC3) and the Netherlands National Cyber Security Center (NCSC-NL) aims to keep the threat from spreading on a mass scale.

According to the advisory, the Akira ransomware group gains initial access through pre-installed virtual private networks (VPNs) that are not protected by multi-factor authentication (MFA). The ransomware then steals credentials and other sensitive information before locking the system and demanding a ransom.
“Akira does not leave the initial request or payment instructions on the compromised computers. Hackers will not transmit this information until the victim contacts them,” law enforcement officials said.
The FBI, CISA, NCSC and the US National Security Agency (NSA) have previously issued warnings about malware that has been used to attack crypto wallets and exchanges.

Source: National Cyber Security Center. USA

The report notes that the malware extracted data from the directories of exchange apps Binance and Coinbase, as well as the Trust Wallet app. According to the report, every file in the specified directories was stolen, regardless of type.