Akira Ransomware Gang Adds Linux Machines to Addressable Targets


June 30, 2023


While there is constant change in the ransomware economy, what has not changed is the fact that these criminal organizations continue to be profitable.  

Also, the increase in data exfiltration associated with ransomware attacks is presenting a whole other problem for victim organizations.

A ransomware gang known as Akira has recently become very active and has expanded its addressable target range by developing a Linux version.

“The Akira ransomware specifically targeted a wide range of industries during its attacks, encompassing sectors including Education, Banking, Financial Services and Insurance (BFSI), Manufacturing, Professional Services, and more,” noted GBHackers.

“The group has already compromised 46 publicly disclosed victims, most of whom are in the United States.”

Takeaway: More ransomware gangs have been developing Linux versions over the last year, but not much attention has been paid to what this trend means for the ransomware threat landscape. We should be concerned – very concerned.

While Linux has a much smaller footprint than Windows systems overall, Linux runs the most important systems including the vast majority of web servers, most embedded and IoT devices used in manufacturing and energy, almost every smartphone and supercomputer, almost all of the US government and military, and pretty much all of the critical backbone systems in any large network.

Yet we barely see discussion in the media of ransomware advancements in targeting Linux systems. Groups like LockBit, IceFire, Black Basta, Cl0p – and now Akira and others – have all developed Linux targeting capabilities, which makes widespread, really disruptive ransomware attacks in the near future a distinct possibility.

The takeaway here is that any organization running critical Linux distributions should start preparing to defend these systems – but defending them is a challenge. Linux systems have very few security solution options available, and virtually none that focus specifically on stopping ransomware.

The targeting of Linux systems has the potential to cause a serious disruption beyond the scale of what we saw in the Colonial Pipeline attack. The consequences of not redoubling our efforts to defend Linux systems could prove catastrophic.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.