
Akira Ransomware Targets VMware ESXi Servers

Akira ransomware has expanded its attack capabilities and is leveraging a Linux encryptor to target VMware ESXi virtual machines. This adaptation allows Akira to execute double-extortion attacks on companies globally. Read on to learn more about this threat.

What is Akira ransomware?

Initially discovered in March 2023, Akira is a newer entrant to the ransomware landscape. Akira ransomware claims to have attacked 45 organizations in the short time it’s been in operation, and the majority of the target companies reside in the U.S. Victims range from a small child care center to large financial organizations.

Tell me about Akira ransomware’s attack on VMware ESXi servers

Akira’s operation, which has primarily targeted Windows systems across a range of sectors, now includes a project named ‘Esxi_Build_Esxi6’ specifically designed to attack VMware ESXi servers.

The Linux version of Akira employs command line arguments that allow threat actors to customize their attacks, including designating the percentage of data encrypted on each file. Interestingly, this version of Akira seems to have been ported from the Windows version, given its propensity to skip folders and files typically associated with Windows.

Once activated, the Akira ransomware encrypts a broad range of file extensions, renames files with the .akira extension, and leaves a ransom note named akira_readme.txt in each folder on the encrypted device.
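A triage sketch for the two file-system indicators described above (the .akira extension and the akira_readme.txt note). It is an example added here, not Nuspire's tooling or code from the original post; the function names and the "fully encrypted" heuristic are assumptions of this example.

```python
import os
import sys
from dataclasses import dataclass, field

ENCRYPTED_EXT = ".akira"          # extension named in the article
RANSOM_NOTE = "akira_readme.txt"  # ransom note filename named in the article

@dataclass
class DirFinding:
    path: str
    encrypted: list = field(default_factory=list)  # file names ending in .akira
    intact: int = 0                                 # other files left untouched
    note_present: bool = False
    @property
    def fully_encrypted(self) -> bool:
        # Assumed heuristic: every file in the directory carries the extension
        return bool(self.encrypted) and self.intact == 0

def scan_tree(root):
    """Walk root; return (findings, errors) for directories showing an indicator."""
    findings, errors = [], []
    # onerror records unreadable directories instead of skipping them silently
    for dirpath, _dirs, files in os.walk(root, followlinks=False, onerror=errors.append):
        f = DirFinding(path=dirpath)
        for name in files:
            lower = name.lower()  # match case-insensitively
            if lower == RANSOM_NOTE:
                f.note_present = True
            elif lower.endswith(ENCRYPTED_EXT):
                f.encrypted.append(name)
            else:
                f.intact += 1
        if f.encrypted or f.note_present:
            findings.append(f)
    return findings, errors

def summarize(findings):
    """Condense findings into counts a responder can use to scope the incident."""
    return {
        "dirs_with_indicators": len(findings),
        "encrypted_files": sum(len(f.encrypted) for f in findings),
        "dirs_fully_encrypted": sum(f.fully_encrypted for f in findings),
        "notes_without_encrypted_files": sum(f.note_present and not f.encrypted for f in findings),
    }

if __name__ == "__main__":
    found, errs = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for f in found:
        print(f"{f.path}: {len(f.encrypted)} encrypted, {f.intact} intact, note={f.note_present}")
    print(summarize(found), f"unreadable_dirs={len(errs)}")
```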

What is Nuspire doing to address the emergence of Akira ransomware?

Nuspire actively hunts for indicators of compromise within managed client environments.

How should I protect myself from Akira ransomware?

The Akira ransomware is a significant and growing threat to organizations around the world. As such, it is recommended that companies:

  1. Regularly update and patch all systems and software, including VMware ESXi servers, to address any known vulnerabilities.
  2. Continuously back up critical data and ensure that backup files are stored in a separate, secure location or on cloud storage with versioning enabled.
  3. Educate employees on the signs of phishing attacks and other common ransomware delivery methods to avoid unintentional activation of these threats.
  4. Employ robust cybersecurity solutions, including proactive threat hunting and endpoint protection, to identify and neutralize threats early.

This situation underscores the importance of adopting comprehensive cybersecurity measures to protect against evolving and sophisticated threats like Akira ransomware.
