In this video demonstration, we show how the SentinelOne Singularity XDR Platform protects against the Megazord ransomware, an Akira variant.

This variant emerged in August of 2023, with the group’s ransomware payloads written in Rust. These payloads also contain multiple pop-culture references to the Power Rangers entertainment and merchandising franchise. The internal naming in the Rust project is “Megazord”. Encrypted files are marked with the “POWERRANGES” extension, and the same name, in lower case, is used for the ransom note text file, “powerranges.txt”.

Payload traits are also in line with Akira ransomware: there are multiple static similarities, along with code similarities, between “Megazord” and “Akira”. It stands to reason that “Megazord” is an evolution or branch of Akira ransomware.

Victims are instructed to contact the attacker via TOX messenger. A unique Telegram channel link, along with the TOX messenger ID, is provided in the ransom note, which is dropped into each folder containing encrypted files.
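
For responders scoping an incident, the file-naming traits described above (the “POWERRANGES” extension and the “powerranges.txt” note in each affected folder) can be turned into a quick triage scan. The Python script below is an added example, not SentinelOne's code or part of the original description; the function names are hypothetical and the sample tree is constructed from empty files that only mimic the naming pattern.

```python
import os
import tempfile
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_EXT = ".powerranges"   # extension on encrypted files ("POWERRANGES")
NOTE_NAME = "powerranges.txt"    # ransom note file name

def scan_tree(root):
    """Walk `root` and return {directory: {"encrypted": [...], "note": bool}}
    for every directory holding an encrypted file or a ransom note."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()   # Windows file names are case-insensitive
            if lower == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def summarize(hits):
    """Return (total_encrypted, dirs_with_note, dirs_encrypted_without_note)."""
    total = sum(len(h["encrypted"]) for h in hits.values())
    with_note = sorted(d for d, h in hits.items() if h["note"])
    # Encrypted files without a note differ from the behaviour described above
    # and are worth a closer look during triage.
    no_note = sorted(d for d, h in hits.items() if h["encrypted"] and not h["note"])
    return total, with_note, no_note

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    layout = {
        "finance": ["q3.xlsx.POWERRANGES", "payroll.csv.powerranges", "powerranges.txt"],
        "hr": ["handbook.pdf"],                       # untouched folder
        "eng/build": ["notes.md.PowerRanges"],        # encrypted, note missing
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for n in names:
            open(os.path.join(root, sub, n), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, with_note, no_note = summarize(scan_tree(tmp))
        print(f"encrypted files: {total}")
        print("folders with ransom note:", with_note)
        print("encrypted but no note:", no_note)
```

Point `scan_tree` at a mounted share or a forensic image's file system to list affected folders before restoring.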

The SentinelOne Singularity Platform can return systems to their original state.
