Howling Scorpius (Akira Ransomware)

SUMMARY :

Howling Scorpius, the entity behind Akira ransomware-as-a-service, has become one of the top five most active ransomware groups since emerging in early 2023. They target small to medium-sized businesses across various sectors in North America, Europe, and Australia using a double extortion strategy. The group operates Windows and Linux/ESXi encryptors, and is actively enhancing its toolkit. Their tactics include exploiting vulnerable VPN services, using valid accounts from dark web brokers, targeting RDP, and conducting spear-phishing campaigns. They employ tools like Mimikatz and LaZagne for credential access, and use WinRAR, WinSCP, RClone, and FileZilla for data exfiltration. The group has also introduced new variants like Megazord and Akira v2, demonstrating ongoing development efforts.

OPENCTI LABELS :

ransomware,raas,akira,double extortion,megazord,howling scorpius


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Howling Scorpius (Akira Ransomware)