Akira RaaS Targets Nutanix VMs, Threatens Critical Orgs
The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.
Akira is a ransomware family that can disrupt systems, with coverage of reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Akira is a ransomware family known for encrypting victims’ files and demanding payment for decryption keys. It typically targets Windows systems, using strong encryption algorithms to lock data and hinder recovery without the attacker’s cooperation. Akira ransomware often appends specific file extensions to encrypted files and may leave ransom notes with instructions for payment.
From a security perspective, Akira poses risks including data loss and operational disruption. Defenders should focus on maintaining up-to-date backups, applying timely patches to reduce vulnerabilities that could enable initial access, and monitoring for indicators of compromise such as unusual file encryption activity or ransom note creation. Network segmentation and endpoint detection can help contain infections and support incident response efforts against Akira ransomware attacks.
Weekly headline count for the current query.
The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.
The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company's devices.
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.
Flashpoint published its 2025 mid-year ransomware report that highlighted the top five most prolific groups currently in operation.
An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.
Of the numerous victims, at least three refused to pay the demanded ransom, with the rest seemingly in talks with the cybercriminal group.
CISA has added CE-2024-40766 to its known exploited vulnerabilities catalog.
The gang's time from initial access to draining data out of a Veeam server is shockingly fast; after which the attackers went on to deploy actual ransomware in less than a day.
The threat actor exfiltrated 690 gigabytes of uncompressed data, or 767,035 files.
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.
A new version of the double-extortion group's malware reflects a growing trend among ransomware actors to expand cybercrime opportunities beyond Windows.