Links
The Akira ransomware group has generated over $244 million since its emergence in March 2023. They target businesses and critical infrastructure, using tactics such as exploiting vulnerabilities in SonicWall and Veeam to encrypt files and extort victims. Recent attacks demonstrate their ability to bypass security measures and exfiltrate data quickly.
Researchers at Huntress report a 700% increase in ransomware attacks targeting hypervisors, particularly by the Akira group. These attacks exploit vulnerabilities in hypervisor security, allowing criminals to bypass traditional defenses and compromise virtual machines. Admins are urged to enhance security measures, including multi-factor authentication and patching.
A surge in Akira ransomware attacks targeting SonicWall SSL VPN connections has been observed since mid-July 2025, primarily exploiting unpatched versions of SonicOS. Attackers gain unauthorized access, often bypassing Multi-Factor Authentication (MFA), and can escalate to data encryption and exfiltration within hours. SonicWall has issued patches for a critical zero-day vulnerability, but many devices remain vulnerable as of 2025.
Ongoing Akira ransomware attacks are successfully breaching SonicWall SSL VPN accounts even with one-time password (OTP) multi-factor authentication enabled. This exploitation is linked to previously stolen OTP seeds and an improper access control vulnerability (CVE-2024-40766), prompting SonicWall to recommend that administrators reset VPN credentials and ensure devices are running the latest firmware.
The article explores the ransomware tactics employed by the Akira group, highlighting the importance of understanding their methods to effectively defend against such cyber threats. It emphasizes the need for organizations to stay informed about evolving ransomware strategies and implement robust security measures to mitigate risks.
Hitachi Vantara took its servers offline to contain an Akira ransomware attack that disrupted some of its systems and affected multiple government projects. The company is working with cybersecurity experts to investigate the incident and restore services while confirming that its cloud services remain unaffected. The Akira ransomware operation, which has targeted numerous organizations globally, was identified as the source of the breach.