Tags
Ransomware
Incidents
Veeam Vulnerability Exploited by Akira and Fog RansomwareAkira Ransomware Targeting Critical Vulnerability in SonicWall SSLVPN
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a
Last edited
Oct 14, 2024 11:58 AM
Akira ransomware uses compromised VPN credentials or Active Directory accounts to infiltrate networks. Once inside, it disables endpoint security tools and deletes backups to hinder recovery. The ransomware targets specific processes and services—especially related to security and IT tools—to maximize encryption impact. Akira uses AES and RSA encryption, leaving behind ransom notes and encrypted file extensions marked as ".akira". Operators employ double extortion, demanding payments in Bitcoin and threatening to leak stolen data. Victims span multiple sectors, including healthcare and education.