Akira Ransomware Gang Strikes Big, Now After Linux Servers

April 20, 2024
1 min read

TLDR:

  • The Akira ransomware gang has extorted $42 million from over 250 victims, targeting businesses and critical infrastructure globally.
  • They initially focused on Windows systems before deploying a Linux variant targeting VMware ESXi virtual machines.

The Akira ransomware gang has extorted approximately $42 million from over 250 victims, impacting businesses and critical infrastructure in North America, Europe, and Australia. They initially focused on Windows systems but later shifted to a Linux variant targeting VMware ESXi virtual machines. The group gains initial access through known flaws in Cisco appliances, RDP, spear-phishing, valid credentials, and VPN services lacking MFA protections. They use tools like Mimikatz and LaZagne for privilege escalation, along with Windows RDP for lateral movement within networks. Akira uses a hybrid encryption algorithm and inhibits system recovery by deleting shadow copies. The group is likely affiliated with the now-defunct Conti ransomware gang. Recent developments also include the use of an updated Rust variant by the Agenda ransomware group to infect VMWare servers. The article also touches on the decline of the LockBit gang post-law enforcement takedown, and the rise of lower-tier individual threat actors utilizing cheap ransomware for profit.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and