
CRIL Researchers Uncover Linux Version of Akira Ransomware


A recent report by Cyble Research and Intelligence Labs (CRIL) has uncovered a new Linux variant of the Akira ransomware, signaling a change in tactics for the notorious ransomware group. The discovery raises concerns about the increasing vulnerability of Linux environments to cyber threats.

The Akira ransomware group has been a significant threat to cybersecurity and sensitive data, actively targeting numerous organizations across various sectors. Since its emergence in April 2023, Akira ransomware has compromised a total of 46 publicly disclosed victims. However, CRIL’s recent report indicates that an additional 30 victims have been identified, suggesting that the group’s reach is expanding rapidly. The majority of the victims are based in the United States, and they represent a broad range of industries, including education, banking, financial services, insurance, manufacturing, and professional services.

The Linux variant of Akira ransomware is executed through a 64-bit Linux Executable and Linkable Format (ELF) file. To initiate the ransomware, specific parameters must be provided, such as the path of files or folders to be encrypted, the path of the shared network drive to be encrypted, the percentage of files to be encrypted, and the creation of a child process for encryption.

When executed, the Linux variant of Akira ransomware uses RSA, a public-key algorithm, to lock the files on the compromised system, leaving them unreadable without the decryption key. The ransomware specifically targets certain file types, including documents, databases, and images, encrypting them to make them inaccessible. The encryption process uses various symmetric key algorithms, such as AES, CAMELLIA, IDEA-CB, and DES, to scramble the data in the files.

Once the files are encrypted, the Linux variant of Akira ransomware adds the “.akira” file extension to each compromised file. This change in file extension helps identify the files that have been encrypted. Additionally, the ransomware deposits a ransom note on the victim’s system, outlining the attackers’ demands and instructions for payment.
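For responders scoping an incident, the appended extension is the one indicator the article gives. The following is an added example, not code from the CRIL report: the function name `triage_akira` and the summary layout are assumptions made for illustration, and only the `.akira` suffix comes from the text above.

```python
import os
import sys
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".akira"  # the only indicator stated in the article


def triage_akira(root):
    """Summarise files under root that carry the .akira suffix.

    Returns per-directory counts, the original extensions that were hit,
    and the modification-time window (a rough encryption timeline; mtime
    can be altered, so treat it as a lead, not proof).
    """
    per_dir, original_ext = Counter(), Counter()
    first = last = None
    unreadable = []

    # Do not follow symlinks: avoids loops and wandering onto other mounts.
    walker = os.walk(root, followlinks=False,
                     onerror=lambda err: unreadable.append(err.filename))
    for dirpath, _dirs, files in walker:
        for name in files:
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                unreadable.append(path)
                continue
            per_dir[dirpath] += 1
            # Extension the file had before the suffix was appended.
            stem = name[: -len(ENCRYPTED_SUFFIX)]
            original_ext[Path(stem).suffix.lower() or "(none)"] += 1
            first = mtime if first is None else min(first, mtime)
            last = mtime if last is None else max(last, mtime)

    return {
        "total": sum(per_dir.values()),
        "per_dir": dict(per_dir),
        "original_ext": dict(original_ext),
        "mtime_window": (first, last),
        "unreadable": unreadable,
    }


if __name__ == "__main__":
    summary = triage_akira(sys.argv[1] if len(sys.argv) > 1 else ".")
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it read-only against a mounted image or snapshot rather than the live host where possible, so the sweep itself does not disturb timestamps.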

The emergence of the Linux variant of Akira ransomware underscores the vulnerability of Linux systems to cyber threats. Organizations utilizing Linux environments must be vigilant and implement robust security measures to protect against ransomware attacks. CRIL recommends several best practices to safeguard against the Linux variant of Akira ransomware.

Firstly, conducting regular backups of important data is crucial. It is essential to ensure that these backups are stored offline or in a separate network. This precautionary measure enables users to restore their data without paying the ransom in the event of an attack.

Secondly, enabling the automatic software update feature on all connected devices, including computers, mobile devices, and IoT devices, is essential. Regular software updates often include critical security patches that address vulnerabilities exploited by ransomware and other malware.

Installing and regularly updating a reputable antivirus and internet security software package on all connected devices is another vital step in protecting against ransomware threats. These software solutions can detect and mitigate ransomware attacks, providing an additional layer of protection.

Finally, exercising caution with links and email attachments can help prevent ransomware infections. Users should avoid clicking on untrusted links or opening email attachments from unknown or suspicious sources. Verifying the authenticity of these links and attachments before interacting with them is crucial, as they can serve as gateways for ransomware attacks.

As the Linux variant of Akira ransomware makes its mark, organizations must remain vigilant and take proactive steps to strengthen their security measures. By implementing these cybersecurity best practices, they can mitigate the risk of falling victim to ransomware attacks and protect their critical data.
