Adrian Johnson
TLDR:
- The Akira ransomware gang has extorted $42 million from over 250 victims, targeting businesses and critical infrastructure globally.
- They initially focused on Windows systems before deploying a Linux variant targeting VMware ESXi virtual machines.
The Akira ransomware gang has extorted approximately $42 million from over 250 victims, impacting businesses and critical infrastructure in North America, Europe, and Australia. They initially focused on Windows systems but later shifted to a Linux variant targeting VMware ESXi virtual machines. The group gains initial access through known flaws in Cisco appliances, RDP, spear-phishing, valid credentials, and VPN services lacking MFA protections. They use tools like Mimikatz and LaZagne for privilege escalation, along with Windows RDP for lateral movement within networks. Akira uses a hybrid encryption algorithm and inhibits system recovery by deleting shadow copies. The group is likely affiliated with the now-defunct Conti ransomware gang. Recent developments also include the use of an updated Rust variant by the Agenda ransomware group to infect VMWare servers. The article also touches on the decline of the LockBit gang post-law enforcement takedown, and the rise of lower-tier individual threat actors utilizing cheap ransomware for profit.
