Despite the decryptor for the Akira ransomware that was released in the end of June 2023, the group still seems to successfully extort victims. In July, we observed 15 new victims of the group, either publicly disclosed or detected by KELA in the course of their negotiations. It seems that some of the July victims were infected with the Linux version of the Akira ransomware, based on the list of stolen files. However, at least for some victims the infected machines were running on Windows.

Financially-motivated cybercriminals are usually staying away from politics, but when politics hit close to home, they strike back. In this thread, we share a quick recap of the most interesting initiatives and discussions about #UkraineRussiaConflict on cybercrime forums. A user on CrdClub proposed to organize a fundraiser to support the families and children in Ukraine. The author shared a BTC wallet that was issued by the forum’s admin specifically for this cause.

Former #Babuk and Payload.bin leak site has changed again. Now it's a place where "successful people can stay protected from the RaaS services' scam." The admin claims that following the ransomware ban on other forums, he wants to create a new community. Also, the admin says he - probably - has some connection with the recent leak of Babuk's builder but now he is not affiliated with the gang: "I recommend to blacklist this product to all security firms and data security [specialists]."