Akira ransomware continues to evolve
Essential information
- Published: 22/10/2024 09:43
- Modified: 22/10/2024 09:57
- Tags: 2024-10-22 CVE-2020-3259 CVE-2023-20263 CVE-2023-20269 CVE-2023-27532 CVE-2023-48788 CVE-2024-37085 CVE-2024-40711 CVE-2024-40766 akira chacha8 double-extortion esxi linux megazord ransomware rust vulnerability exploitation windows
- Related entities: 8 vulnerabilities (cve), 37 observables, 1 intrusion set (apt), 16 techniques (mitre), 2 malware, 2 others
Description
Akira ransomware has established itself as a prominent threat and continues to evolve its tactics. Initially employing double extortion, the group shifted its focus to data exfiltration in early 2024. It developed a Rust variant of its ESXi encryptor, moving away from C++. Recently, Akira has returned to its previous encryption methods combined with data theft. The group exploits various vulnerabilities for initial access and lateral movement, targeting sectors such as manufacturing and professional services. The ransomware now uses the ChaCha8 cipher for faster encryption. Akira is likely to continue prioritizing high-impact CVEs and attacks against VMware ESXi and Linux environments, adapting its techniques to maintain operational stability and effectiveness.