Sixteen companies in finance, manufacturing, education, real estate, and consulting worldwide are already claimed to have been compromised by the new Akira ransomware operation since its inception in March, reports BleepingComputer.
The Akira ransomware group, which is believed to be different from the Akira ransomware initially reported in 2017, has been noted to target corporate networks and obtain Windows domain admin credentials before deploying ransomware across the network. The gang steals corporate files before encrypting them.
Akira's encryptor targets files with a range of extensions but skips those ending in .exe, .dll, .msi, .lnk, and .sys, as well as those located in the Windows, System Volume Information, Recycle Bin, and Program Data folders.
Data stolen from four of the entities compromised by Akira has already been posted on its leak site. The ransomware operation has sought ransoms between $200,000 and millions of dollars but has shown willingness to reduce its demands for victims that do not need a decryptor.