Akira Ransomware Group Attacks Australia and Brazil

By Miklos Zoltan, Founder - Privacy Affairs. 13 December 2023

Fact-checked by Alex Popa

The Akira ransomware group has recently targeted two major companies: Goiasa, a renewable energy company from Brazil, and MSD Information Technology from Australia. It’s unclear whether the victims paid the ransom.

  • Akira posted some brief information about the attacks shortly after they happened
  • The organization apparently secured up to 47 GB of confidential data, including operation details, client info, financial docs and much more
  • It appears as if the Australian target refused to pay the ransom, as Akira announced that they will soon publish the data they’ve collected
  • Akira is a newcomer in the ransomware business, emerging in March of 2023, but becoming very popular very quickly

The recent attacks are the latest in a growing string of operations, as Akira now qualifies as one of the fastest-growing cybercrime organizations. The attacks were primarily meant to steal the victims’ data in order to blackmail the organizations for money.

If they refuse, Akira would publish the sensitive information or sell it on the dark web to the highest bidder. According to the preliminary evidence, MSD Information Technology refused to pay the ransom.

Tweet showing the Akira attack announcements
https://twitter.com/FalconFeedsio/status/1734490774211895303

The attacks fall in line with Akira’s preferred operation method. The organization targets larger institutions, state-owned and private, looking to extort large sums of money. The ransom typically varies between $200,000 and, in some cases, over $4 million.

Who is Akira?

Akira ranks among the most recent threat actors with an impressive surge in popularity and activity. The organization focuses on extorting high-profile targets, usually demanding hefty ransoms. Regarding the group’s identity or roots, opinions are divided.

The most popular theory is that Akira is the successor of the now-defunct Conti ransomware organization. Conti is itself a successor of Ryuk, a popular cyberthreat organization that was highly targeted by the authorities and had to dissolve as a result.

Akira shares a lot of similarities with Conti, starting with the MO and ending with the source code. Akira also shares its name with the famous Akira ransomware family that died out in 2017. The two use the same file extension, but that’s the only thing they share.

Interestingly, Akira relies on a double extortion method and gives victims a choice: the victim pays for file decryption, for data deletion, or for both, but the price for both is greatly increased.

If the victim refuses to pay for the data deletion, Akira will decrypt the data so that the victim regains control over it. But the group will retain the cloned data anyway, which often forces the victim to pay for deleting it as well.
