Saved February 14, 2026
Do you care about this?
The Akira ransomware group has generated over $244 million since its emergence in March 2023. They target businesses and critical infrastructure, using tactics such as exploiting vulnerabilities in SonicWall and Veeam products to encrypt files and extort victims. Recent attacks demonstrate their ability to bypass security measures and exfiltrate data quickly.
If you do, here's more
The Akira ransomware group has reportedly made over $244 million from its operations, as outlined in a joint advisory from various government agencies. Active since March 2023, Akira primarily targets businesses and critical infrastructure, focusing on VMware ESXi servers. Recently, they expanded their tactics, leveraging vulnerabilities in SonicWall firewalls and Nutanix Acropolis Hypervisor to encrypt virtual machine disk files.
Their methods include exploiting routers for SSH access, tunneling communications, and using publicly disclosed Veeam vulnerabilities to compromise unpatched servers. The group employs various tools, like Visual Basic scripts and remote access applications such as AnyDesk and LogMeIn, to maintain control and evade detection. In some cases, they manage to exfiltrate data within just two hours of gaining access. Notably, they bypassed Virtual Machine Disk (VMDK) file protections by manipulating domain controller settings, allowing them to extract sensitive files and compromise high-level accounts.
Once access is achieved, Akira encrypts victims' files, appending extensions like .akira and .powerranges, and leaves ransom notes in key directories. Their aggressive tactics and high-profile targets highlight a growing threat in the ransomware landscape, posing significant risks to organizations worldwide.
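The appended extensions named above are a usable detection signal. The following is an added example, not code from the advisory or the article: it flags a host when several files carrying those extensions appear within a short window, which separates mass encryption from a single stray file. The log layout, host names, paths, threshold and window are assumptions made for illustration, and events are assumed to arrive in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions the article names as appended by Akira.
AKIRA_EXTENSIONS = (".akira", ".powerranges")
# Assumed (hypothetical) log layout: <UTC time> host=<name> op=<op> path=<path>
LINE_RE = re.compile(r"^(\S+) host=(\S+) op=(\S+) path=(.+)$")

def parse_event(line):
    """Return (timestamp, host, path), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(4)

def detect_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map host -> first time `threshold` matching files appeared within `window`."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        ts, host, path = event
        # Case-insensitive suffix match catches names like disk.vmdk.AKIRA.
        if not path.lower().endswith(AKIRA_EXTENSIONS):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_LOG = """\
2026-02-10T03:14:01Z host=esx01 op=rename path=/vmfs/volumes/ds1/web/web.vmdk.akira
2026-02-10T03:14:05Z host=esx01 op=rename path=/vmfs/volumes/ds1/db/db-flat.vmdk.AKIRA
2026-02-10T03:14:09Z host=fs02 op=create path=/srv/share/notes about akira.txt
2026-02-10T03:14:20Z host=esx01 op=rename path=/vmfs/volumes/ds1/dc/dc.vmdk.powerranges
2026-02-10T03:20:00Z host=fs02 op=rename path=/srv/share/report.xlsx.akira
garbled line without fields
""".splitlines()

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_LOG))
```

Given that exfiltration is reported within two hours of access, a rule like this fires late in the intrusion and belongs alongside earlier signals, not in place of them.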