Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Akira is a ransomware family that can disrupt systems, with coverage of reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Akira is a ransomware family known for encrypting victims’ files and demanding payment for decryption keys. It typically targets Windows systems, using strong encryption algorithms to lock data and hinder recovery without the attacker’s cooperation. Akira ransomware often appends specific file extensions to encrypted files and may leave ransom notes with instructions for payment.
From a security perspective, Akira poses risks including data loss and operational disruption. Defenders should focus on maintaining up-to-date backups, applying timely patches to reduce vulnerabilities that could enable initial access, and monitoring for indicators of compromise such as unusual file encryption activity or ransom note creation. Network segmentation and endpoint detection can help contain infections and support incident response efforts against Akira ransomware attacks.
Weekly headline count for the current query.
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay up. The post Akira ransomware group can achieve initial access to data encryption in less than an hour appeared first on CyberScoop.
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour
Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn ExpertsMultiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used "unmonitored and unrotated" credentials.
Acquirers inherit more than staff and systems Routine mergers and acquisitions are giving extortionists an easy way in, with Akira affiliates reaching parent networks through compromised SonicWall gear inherited in the deal, according to ReliaQuest.…
Also: Akira Ransomware Targets Healthcare, AI's Sycophancy Becomes a Security RiskIn this week's ISMG Editors' Panel, four editors discussed the staffing crisis confronting America's cyber defense agency, the escalating Akira ransomware threat putting more pressure on healthcare, and growing concerns over whether AI models used in security can actually be trusted.
The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.
Advisory updated as leading cybercrime crew opens up its target pool The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.…
Akira ransomware has extorted $244M since September 2025, with some attacks exfiltrating data in just two hours, a joint cybersecurity advisory warns
US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. [...]
The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company's devices.
The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. [...]
Akira Ransomware Hackers Targeting SonicWall DevicesFirewall maker SonicWall said Friday all customers who used its cloud backup services are at increased "risk of targeted attacks" following a recent cyberattack. The California firm in September disclosed that unidentified hackers launched brute-force attacks against servers storing backup files.
Akira Ransomware Hackers Targeting SonicWall DevicesFirewall maker SonicWall said Friday all customers who used its cloud backup services are at increased "risk of targeted attacks" following a recent cyberattack. The California firm in September disclosed that unidentified hackers launched brute-force attacks against servers storing backup files.
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.
'Opportunistic, Mass Exploitation' Campaign Surging, Say Cybersecurity ResearchersAttackers wielding Akira ransomware appear to be engaged in an "opportunistic, mass exploitation" of SonicWall SSL VPN servers, even when they're using the latest firmware and configured to require multifactor authentication one-time passwords, warn cybersecurity researchers.
Akira ransomware attacks on SonicWall SSL VPN appliances are bypassing its MFA for rapid deployment
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully authenticating despite OTP MFA being enabled on accounts. [...]
Also, Akira Ransomware Resumes Attacks Via SonicWall FlawsThis week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn't hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]