- Akira now encrypts Nutanix AHV VM disk files using SonicWall and Veeam vulnerabilities
- CVE-2024-40766 enabled access to firewalls; Akira used remote tools for lateral movement
- Akira has extorted more than $240 million; users urged to patch and apply MFA
The Akira ransomware operation is now also targeting Nutanix AHV VM disk files and is seeing considerable success, according to an updated security advisory released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Department of Defense Cybercrime Center (DC3), and other agencies.
The update indicates that Akira was observed encrypting Nutanix AHV VM disk files for the first time, in June 2025.
In the attack, threat actors abused an improper access control vulnerability in SonicWall SonicOS.
No surprises
This bug, tracked as CVE-2024-40766 and with a severity score of 9.6/10 (Critical), grants unauthorized attackers access to different resources, leading to firewall failures.
It affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and earlier, and was fixed in August 2024.
After gaining access, Akira would abuse the CVE-2023-27532 or CVE-2024-40711 vulnerabilities on unpatched Veeam Backup & Replication servers and deploy legitimate tools such as AnyDesk or LogMeIn for lateral movement and deletion of enterprise backups.
Akira has made headlines with CVE-2024-40766 before, as it was used to successfully breach at least 30 organizations. In late October 2024, reports from security researchers Arctic Wolf and Rapid7 warned users to patch immediately as both Akira and Fog were exploiting the bug to deploy encryptors.
The Nutanix AHV platform is a Linux-based virtualization solution designed to manage virtual machines on Nutanix infrastructure. In its writeup, BleepingComputer says Akira’s pivot is “not a surprise” as its previous targets, VMware ESXi and Hyper-V, are virtualization solutions.
In the updated report, CISA also stated that as of the end of September 2025, Akira had managed to extort more than $240 million in ransomware attacks. Users are advised to keep their software up to date, use strong endpoint protection, and apply multi-factor authentication.
Via BleepingComputer




