Akira Ransomware Attack: Hypervisor Compromise, VM Creation, and Data Exfiltration via LimeWire
By
ecrime.ch
24d ago· 1 min readenNews
Summary
A threat actor breached a victim environment by accessing a hypervisor and creating a new virtual machine to stage and launch Akira ransomware. The investigation uncovered the use of Easyupload.io via LimeWire, WinRAR, and WinSCP for data staging and likely exfiltration. The attacker rapidly disabled Microsoft Defender on the new VM and made little effort to conceal their activities.
Source
bskyAkira Ransomware Attack: Hypervisor Compromise, VM Creation, and Data Exfiltration via LimeWirehendryadrian.comKey quotes
· 3 pulledA threat actor breached a victim environment, accessed a hypervisor, created a new virtual machine, and used it to stage and launch Akira ransomware.
The investigation also found use of Easyupload.io via LimeWire, WinRAR, and WinSCP for staging and likely exfiltration.
Microsoft Defender was quickly disabled on the newly created virtual machine.
A threat actor breached a victim environment, accessed a hypervisor, created a new virtual machine, and used it to stage and launch Akira ransomware. The investigation also found use of Easyupload.io via LimeWire, WinRAR, and WinSCP for sta...
You might also wanna read
From Armillaria loader to EDR killer
ThreatLocker·12d ago
RaaS meets misconfiguration: How Akira is exploiting SonicWall SSLVPN weaknesses
ThreatLocker·12d ago

JadePuffer: The First Complete LLM-Driven Ransomware Attack
BackBox.org·1d ago
Holding blobs for ransom: Four methods for Azure Storage ransomware
Datadog·23d ago

JadePuffer ransomware used AI agent to automate entire attack
bleepingcomputer.com·3d ago

JadePuffer ransomware used AI agent to automate entire attack
BleepingComputer·3d ago
Why this fully agentic ransomware attack is giving researchers nightmares
zdnet.com·14h ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.