30 matches found
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...
CISA and Partners Release Advisory Update on Akira Ransomware
Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...
SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers
Threat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomwar...
Akira Ransomware Group Utilizing SonicWall Devices for Initial Access
Latest update – September 18, 2025 On September 17, 2025, SonicWall disclosed a security breach affecting all SonicWall customers with MySonicWall.com cloud backups enabled. The firm detected suspicious activity targeting MySonicWall.com, through which threat actors were able to access backup...
Akira Ransomware Hits SonicWall VPNs, Deploys Drivers to Bypass Security
GuidePoint Security uncovers a new Akira ransomware tactic targeting SonicWall VPNs. The group's use of drivers to disable defenses is a significant threat to businesses...
SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported
SonicWall said it's actively investigating reports to determine if there is a new zero-day vulnerability following reports of a spike in Akira ransomware actors in late July 2025. "Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents...
Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices
SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall...
Akira Ransomware Bruteforcer
This tool helps decrypt encrypted files from Akira Ransomware Linux/ESXI variant 2024 using a bunch of GPUs...
A week in security (January 6 – January 12)
Last week on Malwarebytes Labs: Dental group lied through teeth about data breach, fined $350,000 AI-supported spear phishing fools more than 50% of targets US Cyber Trust Mark logo for smart devices is coming GroupGreeting e-card site attacked in "zqxq" campaign Massive breach at location data...
Akira ransomware continues to evolve
Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos' findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version o...
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to...
A week in security (June 17 – June 23)
Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns Almost everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,...
A week in security (May 27 – June 2)
Last week on Malwarebytes Labs: Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? The Ticketmaster "breach"—what you need to know Ticketmaster confirms customer data breach How to tell if a VPN app added your Windows device to a botnet Beware of...
Akira Ransomware Nets $42 Million from 250+ Victims
...
CISA and Partners Release Advisory on Akira Ransomware
Today, CISA, the Federal Bureau of Investigation FBI, Europol’s European Cybercrime Centre EC3, and the Netherlands’ National Cyber Security Centre NCSC-NL released a joint Cybersecurity Advisory CSA, StopRansomware: Akira Ransomware, to disseminate known Akira ransomware tactics, techniques, and...
Akira Ransomware Exploits Cisco Flaw for Maximum Impact
Summary: The Akira ransomware has been identified for utilizing the Cisco AnyConnect SSL VPN as its initial access vector, specifically exploiting the CVE-2020-3259 vulnerability. Despite Cisco addressing this vulnerability with patches released in May 2020, the threat remains prevalent. Threat...
CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance ASA and Firepower Threat Defense FTD software to its Known Exploited Vulnerabilities KEV catalog, following reports that it's being likely...
FakeSG campaign, Akira ransomware and AMOS macOS stealer
Introduction The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platfo...
Akira Ransomware
Akira Ransomware By Alexandre Mundo, Max Kersten · November 29, 2023 First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators to investigate the malware’s inner working...
Akira Ransomware
Akira Ransomware By Trellix · November 29, 2023 This blog was also written by Alexandre Mundo and Max Kersten First discovered in early 2023, Akira ransomware seemed to be just another ransomware family that entered the market. Its continued activity and numerous victims are our main motivators t...