Megazord

Megazord is a Rust-based variant of Akira ransomware that has been in use since at least August 2023 to target Windows environments. Megazord has been attributed to the Akira group based on overlapping infrastructure, though it is possibly not exclusive to the group.[1][2][3]

ID: S1191
Type: MALWARE
Platforms: Windows
Contributors: Jiraput Thamsongkrah
Version: 1.0
Created: 08 January 2025
Last Modified: 11 March 2025

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Megazord can execute multiple commands post-infection via cmd.exe.[3] |
| Enterprise | T1486 | Data Encrypted for Impact | Megazord can encrypt files on targeted Windows hosts, leaving them with a ".powerranges" file extension.[1][2][3] |
| Enterprise | T1083 | File and Directory Discovery | Megazord can ignore specified directories for encryption.[3] |
| Enterprise | T1654 | Log Enumeration | Megazord has the ability to print the trace, debug, error, info, and warning logs.[3] |
| Enterprise | T1057 | Process Discovery | Megazord can terminate a list of specified services and processes.[3] |
| Enterprise | T1489 | Service Stop | Megazord has the ability to terminate a list of services and processes.[3] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G1024 | Akira | [1][2][3] |

References