Advisoryseverity: Critical2025-11-13

Updated joint advisory: Akira tied to ~$244M in proceeds, now hitting Nutanix AHV

published by CISA

Actor

Akira?? · UnknownRansomware

Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…

Summary

The 13 Nov 2025 update to AA24-109A — co-signed by FBI, CISA, DC3, HHS, Europol EC3, French OFAC, German LKA Baden-Württemberg, and NCSC-NL — reports that Akira has claimed approximately $244.17M (USD) in ransom proceeds as of late September 2025 and, in a June 2025 incident, encrypted Nutanix AHV virtual-machine disk files for the first time, abusing SonicWall CVE-2024-40766 for initial access.

Primary source

cisa.gov

Other Akira events

2024-04-18FBI, CISA, Europol, NCSC-NL issue joint #StopRansomware advisory on Akira
2023-08-01Akira begins deploying Rust-based 'Megazord' encryptor
2023-04-01Akira deploys Linux variant targeting VMware ESXi
2023-03-01Akira ransomware operation emerges, targeting Windows environments

Summary

Tags

Primary source

Other Akira events