Following the takedown of the LockBit Ransomware group’s website in ‘Operation Cronos’ by law enforcement agencies, there has been a notable surge in the activity of the Akira Ransomware group in recent weeks. This rise has been particularly pronounced since the day the LockBit operation was disrupted.
According to cybersecurity firm Redsense, its security researchers have observed a significant increase in Akira ransomware attacks following the disruption of LockBit. Akira, believed to be a derivative of the now-defunct Conti group, has bolstered its operational capabilities by introducing a dedicated customer support service since February of this year.
Moreover, the Akira group has expanded its expertise by recruiting Research and Development professionals formerly associated with the Ryuk Ransomware group. These new team members have introduced innovations such as data-wiping capabilities and the ability to exfiltrate data to remote servers, leveraging terminology commonly used in military and defense sectors.
Yelisey Bohuslavsky, co-founder of Redsense, shared these insights on his LinkedIn profile, highlighting Akira’s efforts to recruit penetration testers from the Conti ransomware group. Additionally, there are reports of Akira planning a large-scale malware attack campaign targeting healthcare organizations worldwide, with an initial focus on the United States.
In parallel, Mikhail Vasiliev, a Russian-Canadian hacker arrested in November 2022 for his involvement in the spread of LockBit ransomware, has been convicted. The Ontario Court has sentenced Vasiliev to four years in prison and imposed an $800,000 fine as restitution to be distributed among Canadian victims.
Justice Michelle Fuerst has labeled Vasiliev a cyber terrorist and indicated the possibility of his extradition to the United States in upcoming hearings.