tldr - powered by Generative AI

Akira ransomware has targeted over 250 victims worldwide and collected $42 million in ransom payments, using various tactics to gain access to organizations' systems and exfiltrate data.
  • Since early 2023, Akira ransomware has targeted organizations in multiple industries, including services, manufacturing, education, finance, and healthcare.
  • The ransomware initially targeted Windows systems but has expanded to infect VMware ESXi virtual machines and has been used in conjunction with Megazord.
  • Akira operators have been observed exploiting vulnerabilities in Cisco products, using RDP, spear-phishing, and valid credentials to gain initial access to victims' environments.
  • The threat actors create new domain accounts for persistence, extract credentials, and disable security software to prevent detection.
  • Akira exfiltrates victims' data before encrypting it and demands ransom payments in Bitcoin, threatening to publish exfiltrated data on the Tor network if demands are not met.
Tags: Akira ransomware, ransomware, data exfiltration
