Akira Ransomware Gang Strikes Big, Now After Linux Servers

TLDR:

The Akira ransomware gang has extorted $42 million from over 250 victims, targeting businesses and critical infrastructure globally.
They initially focused on Windows systems before deploying a Linux variant targeting VMware ESXi virtual machines.

The Akira ransomware gang has extorted approximately $42 million from over 250 victims, impacting businesses and critical infrastructure in North America, Europe, and Australia. They initially focused on Windows systems but later shifted to a Linux variant targeting VMware ESXi virtual machines. The group gains initial access through known flaws in Cisco appliances, RDP, spear-phishing, valid credentials, and VPN services lacking MFA protections. They use tools like Mimikatz and LaZagne for privilege escalation, along with Windows RDP for lateral movement within networks. Akira uses a hybrid encryption algorithm and inhibits system recovery by deleting shadow copies. The group is likely affiliated with the now-defunct Conti ransomware gang. Recent developments also include the use of an updated Rust variant by the Agenda ransomware group to infect VMWare servers. The article also touches on the decline of the LockBit gang post-law enforcement takedown, and the rise of lower-tier individual threat actors utilizing cheap ransomware for profit.

Post Views: 82

Latest from Blog

Financial sector prime target for DDoS attacks, Akamai study finds

TLDR: – Financial services sector remains the top target for DDoS attacks for the second consecutive year – APJ region faces significant cybersecurity challenges with a high threat score for phishing A

Watch out for serverless architecture’s cybersecurity risks for businesses

Serverless Architecture and Cybersecurity Risks TLDR: Move towards serverless architecture presents new security challenges Threat actors are exploring vulnerabilities in serverless environments Today’s cybersecurity landscape is rapidly evolving with the adoption of