SentinelOne Demo: SentinelOne VS Akira Ransomware – Protection, Detection, and Mitigation

In this video demo, we showcase how SentinelOne’s XDR technology protects, detects, and responds to Akira ransomware. Akira ransomware operations were initiated in March 2023. The actors behind it practice multi-extortion. They host a TOR-based (.onion) website where they list victims along with any stolen data (should a victim fail to comply with attacker demands). Akira attackers do not discriminate when it comes to victimology. As of this writing, they have targeted educational institutions as well as those in the financial, manufacturing, real estate and medical industries.

Upon launch, the ransomware payloads Akira will initiate PowerShell commands to remove VSS (Volume Shadow Copies). The ransomware appends the .akira extension to all files affected by the encryption. In the event that a file is locked by the Windows operating system, the ransomware will attempt to utilize the WRM (Windows Restart Manager) API to address said issues.

Victims are instructed to contact the attacker via their TOR-based portal (.onion), where they enter their unique identifier (from the ransom notes) to begin negotiations. The group is known to demand outrageous ransom payments, reaching hundreds of millions of dollars.

Experience the power of SentinelOne’s XDR solution and witness first-hand its effectiveness in combating Akira ransomware. Subscribe to our channels for more in-depth analysis and real-life examples from the forefront of cybersecurity.