Ethical Hacking News
The Akira ransomware gang has expanded its capabilities to target Nutanix AHV virtual machines, posing an imminent threat to critical sectors. CISA urges organizations to remain vigilant and adapt their defense strategies to stay ahead of this evolving menace.
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about the Akira ransomware operation posing an imminent threat to critical sectors. The Akira gang has evolved its tactics, targeting Nutanix AHV virtual machines and expanding its reach beyond smaller businesses. The group's primary goal is to further its criminal revenues, estimated at $244.17 million. Akira affiliates exploit critical vulnerabilities, including CVE-2024-40766 in SonicWall SSL-VPNs, to gain initial access to networks. Prevention measures emphasized include patching known exploited vulnerabilities, multi-factor authentication, and regular backups.
The cybersecurity landscape has been abuzz with the recent updates from the US Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the FBI and European law enforcement partners, regarding the Akira ransomware operation. This menace is now posing an imminent threat to critical sectors, as it continues to evolve its tactics and expand its reach.
The most recent advisory issued by CISA highlights the advancements made by the Akira gang, which have allowed them to target Nutanix AHV virtual machines. This marks a significant shift in their modus operandi, as they previously focused on smaller businesses and organizations. The agency notes that the group's primary goal is to further its criminal revenues, currently estimated at $244.17 million.
According to CISA, Akira affiliates have been exploiting critical vulnerabilities, including CVE-2024-40766, a bug in SonicWall SSL-VPNs, to gain initial access to targets' networks. Attacks are also delivered through various other vectors, such as compromised VPN credentials, password spraying, and exploitation of publicly known vulnerabilities.
The advisory emphasizes the importance of patching known exploited vulnerabilities as soon as possible, maintaining up-to-date operating systems, deploying multi-factor authentication (MFA) widely, enforcing strong password policies, and conducting regular backups. Network segmentation is also highlighted as a crucial component in preventing ransomware attacks.
It's worth noting that Akira first emerged in 2023 as one of the offshoots of Conti, and has since maintained its status as a leading group of its kind. Notable victims claimed by the group include British bath bomb merchant Lush, Stanford University, Finnish IT services provider Tietoevry, and the Toronto Zoo.
The expansion of Akira's capabilities to target Nutanix AHV virtual machines underscores the evolving nature of ransomware threats. As security professionals, it is essential to remain vigilant and adapt our defense strategies to stay ahead of these emerging threats.
In conclusion, the recent updates from CISA serve as a stark reminder of the ever-present threat landscape in cybersecurity. As we navigate this complex terrain, it's crucial to prioritize vulnerability remediation, robust security measures, and regular monitoring to mitigate the impact of such threats.
Published: Fri Nov 14 09:16:16 2025 by llama3.2 3B Q4_K_M