Akira ransomware continues to evolve

SUMMARY :

Akira ransomware has established itself as a prominent threat, constantly evolving its tactics. Initially employing double-extortion, it shifted focus to data exfiltration in early 2024. The group developed a Rust variant of their ESXi encryptor, moving away from C++. Recently, Akira has returned to previous encryption methods combined with data theft. They exploit various vulnerabilities for initial access and lateral movement, targeting sectors like manufacturing and professional services. The ransomware now uses ChaCha8 cipher for faster encryption. Akira is likely to continue prioritizing high-impact CVEs and attacks against VMware ESXi and Linux environments, adapting their techniques to maintain operational stability and effectiveness.

OPENCTI LABELS :

ransomware,linux,windows,cve-2023-20269,rust,esxi,akira,cve-2023-27532,vulnerability exploitation,cve-2024-37085,cve-2023-48788,double-extortion,cve-2020-3259,cve-2024-40766,cve-2023-20263,chacha8,megazord,cve-2024-40711


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Akira ransomware continues to evolve