ako
2 incidents
1 country
0 sectors
ransomware RU Latest: 2026-06-25
Aliases: Ako Doxware, MedusaReborn, Medusalocker
Ako is a financially motivated ransomware-as-a-service (RaaS) variant that emerged in September 2019, sometimes referred to as AKO Doxware or Medusa Reborn, though its creators have stated it is distinct from MedusaLocker. It operates on a model where core developers maintain the malware, and affiliates conduct attacks, with ransom payments typically split between them (55-60% to affiliates, the rest to developers). The group is assessed to be based in Russia, leveraging Russian infrastructure for its operations. What distinguishes Ako/MedusaLocker is its strategy of avoiding the encryption of executable files to ensure the compromised system remains functional for ransom payment. It also employs a hybrid encryption scheme using AES-256 and RSA-2048, and often reboots infected machines into safe mode to bypass security defenses.
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
United Arab Emirates
Afghanistan
Antigua and Barbuda
Australia
Belgium
Brazil
Canada
Switzerland
Colombia
Costa Rica
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Software Publishers
Real Estate
Hospitals
Enterprises & Holding
Accommodation
Air Transportation
Manufacturing
New URLs detected in IntelTracker
Victims (1)