threatintel
actor tracker
Akira
Reportseverity: High2023-04-01

Akira deploys Linux variant targeting VMware ESXi

published by CISA
Actor
Akira?? · UnknownRansomware

Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…

Summary

Within a month of emergence, Akira threat actors deployed a Linux variant targeting VMware ESXi virtual machines, allowing the operation to encrypt entire virtualisation estates from a single foothold. The pivot to ESXi is documented in the joint FBI/CISA #StopRansomware advisory AA24-109A.

Tags

ransomwareesxilinux

Primary source

cisa.gov

Other Akira events