Akira ransomware, linked to the defunct Conti group, has significantly increased its activity since March 2023, impacting a wide range of sectors including manufacturing and healthcare. As of September 2025, it has generated approximately $244.17 million in ransom payments from over 250 organizations around the globe.
The ransomware employs a sophisticated hybrid encryption scheme and has evolved its attack strategies, introducing various variants including a Linux version for VMware ESXi systems and a new Rust-based encryptor seen in August 2023. Threat actors utilize a double-extortion model, initially exploiting VPN services without multi-factor authentication to gain access and then employing tools like Mimikatz for credential scraping. They also delete system recovery options to hinder recovery efforts, demanding ransom payments in Bitcoin through a Tor network.
👉 Pročitaj original: Cyber Security News
