Akira
Ransomware gangs turn to Shanya EXE packer to hide EDR killers
Multiple ransomware gangs are using a packer-as-a-service platform named Shanya to help them deploy payloads that disable endpoint detection and response solutions on victim systems. Packer services provide cybercriminals with specialized tools to package their payloads in a way that obfuscates malicious code to evade detection by most known security tools and antivirus engines. The Shanya packer […]
FinCEN says ransomware gangs extorted over $2.1B from 2022 to 2024
A new report by the Financial Crimes Enforcement Network (FinCEN) shows that ransomware activity peaked in 2023 before falling in 2024, following a series of law enforcement actions targeting the ALPHV/BlackCat and LockBit ransomware gangs. From thousands of Bank Secrecy Act filings, the report documents 4,194 ransomware incidents between January 2022 and December 2024. These reports […]
CISA warns of Akira ransomware Linux encryptor targeting Nutanix VMs
US government agencies are warning that the Akira ransomware operation has been spotted encrypting Nutanix AHV virtual machines in attacks. An updated joint advisory from CISA, the FBI, the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and several international partners alerts that Akira ransomware has expanded its […]
Apache OpenOffice disputes data breach claims by ransomware gang
The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. Apache OpenOffice is a free, open-source office suite that includes word processing, spreadsheets, presentations, graphics, and database tools. It’s compatible with major file formats, such as Word […]
Akira ransomware breaching MFA-protected SonicWall VPN accounts
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully logging in despite OTP MFA being enabled on accounts. Researchers suspect that this may be achieved through the use of previously stolen OTP seeds, although the exact method remains unconfirmed. In July, GeekFeed reported that the Akira […]
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. The hackers are leverging the security issue to gain access to target networks via unpatched SonicWall SSL VPN endpoints. SonicWall released a patch for CVE-2024-40766 last year in August, marking it as actively exploited. The flaw allows unauthorized resource […]
SonicWall finds no SSLVPN zero-day, links ransomware attacks to 2024 flaw
SonicWall says that recent Akira ransomware attacks exploiting Gen 7 firewalls with SSLVPN enabled are exploiting an older vulnerability rather than a zero-day flaw. The company says that the attackers are targeting CVE-2024-40766, an unauthorized access flaw fixed in August 2024. “We now have high confidence that the recent SSLVPN activity is not connected to […]
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. The abused driver is ‘rwdrv.sys’ (used by ThrottleStop), which the threat actors register as a service to gain kernel-level access. This driver is likely used to load a second driver, […]
SonicWall urges admins to disable SSLVPN amid rising attacks
SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past few weeks. The warning comes after Arctic Wolf Labs reported on Friday that it had observed multiple Akira ransomware attacks, likely using a SonicWall zero-day vulnerability, since July 15th. “The […]
SonicWall firewall devices hit in surge of Akira ransomware attacks
SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf. Akira emerged in March 2023 and quickly claimed many victims worldwide across various industries. Over the last two years, Akira has added over 300 organizations to its […]