Malware And CampaignsCampaign

Akira lookalike ransomware using Babuk based encryptor in South America

April 4, 2026ESET Research

ESET Research reports an Akira lookalike ransomware campaign in South America using a Babukbased encryptor that appends the .akira extension and mimics Akira ransom notes and Tor URLs.

Open in PulseSee the full expert discussion →

QUOTES

ESETresearch has identified an Akira lookalike ransomware campaign targeting South America.

The threat actor is using a Babukbased encryptor that appends the .akira extension

drops a ransom note that mimics Akira both in Tor URLs and the overall content.

identified an Akira lookalike ransomware campaign targeting South America.

using a Babukbased encryptor that appends the .akira extension

drops a ransom note that mimics Akira

VOICES

ESET Research

RELATED TERMS

ransomwarecyber threat

OTHER FINDINGS IN MALWARE AND CAMPAIGNS

Axios npm package compromise, WAVESHAPER.V2 cross platform RAT Handala Hack Telegram threat claiming imminent Lockheed Martin data leak Telnyx PyPI compromise (TeamPCP) shipping malware in telnyx 4.87.1/4.87.2

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security