Akira Ransomware Exploits Critical Vulnerabilities in ESXi VMware and VPNs

ⓘ This advisory addresses the increase of Akira Ransomware attacks on critical information infrastructure due to VPN vulnerabilities.

Attention constituent: 

CIRT-BS is observing an uptick in Akira Ransomware malware attacks impacting Bahamian critical infrastructure.

Arika Ransomware, which emerged in March 2023, has two distinct variants that target outdated versions of VMware ESXi virtual machines, encrypting the files and blocking access to these systems.

Akira threat actors are also known to exploit vulnerabilities in Cisco Router/Adaptive Security Appliance (ASA) Clientless SSL VPN. Akira also employs other tactics, including phishing attempts and password brute force, to gain system access.

Immediate Actions to Consider
  1. Remediate all system vulnerabilities.
  2. Enable multifactor authentication (MFA) wherever possible, including webmail, VPN, and accounts that access critical systems.
  3. Regularly patch and update software and applications to their latest version and conduct regular vulnerability assessments.
  4. Segment networks appropriately.
  5. Upgrade unsupported hardware and software.
  6. Implement compensating controls for end-of-life equipment and software.
  7. Conduct regular user security awareness training for staff.

For further details, please visit #StopRansomware: Akira Ransomware | CISA.



Scroll to Top
Skip to content