In a concerted effort to combat the rising threat of ransomware, particularly the Akira variant, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an updated Cybersecurity Advisory. This advisory, part of the #StopRansomware initiative, aims to provide network defenders with crucial information and strategy guidelines, particularly in light of new Akira ransomware activities posing a severe risk. “These advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware,” stated the advisory.
The advisory, which was first published on April 18, 2024, continues to be updated as new information about Akira is disclosed. The latest update, dated November 13, 2025, indicates a growing sophistication in Akira’s operations and its alarming targeting of critical infrastructure. The advisory lays out specific recommendations for organizations, including the urgent need to “prioritize remediating known exploited vulnerabilities.”
The advisory emphasizes the importance of implementing phishing-resistant multifactor authentication (MFA) and ensuring that regular backups of critical data are maintained and tested. Such steps are crucial as the Akira ransomware threat actors have increasingly focused on targeting not only small and medium-sized enterprises but also large organizations across various sectors. “Akira threat actors primarily target small- and medium-sized businesses but have also impacted larger organizations across various sectors,” noted the advisory, pointing to a notable preference for the healthcare, information technology, manufacturing, and financial services industries.
The collaboration behind this advisory spans multiple organizations, including significant international contributions from Europe. “The United States’ Federal Bureau of Investigation, CISA, and various European cybercrime units are working together to combat this threat,” said the advisory, showcasing the broader effort to enhance cybersecurity across borders.
Impact and Legacy
Impact and Legacy
Impact and Legacy
Akira ransomware has demonstrated a remarkable reach since its introduction in March 2023, impacting a multitude of businesses across North America, Europe, and Australia. Initially focused on encrypting Windows systems, the threat actors have since expanded their techniques to include a Linux variant that specifically targets VMware's Elastic Sky X Integrated (ESXi) virtual machines.
Notably, updates reveal that in a June 2025 incident, Akira's capabilities extended into encrypting Nutanix AHV virtual machines, marking a significant evolution. “By abusing Common Vulnerabilities and Exposures (CVE)-2024-40766, Akira threat actors have expanded their arsenal beyond VMware ESXi to include other systems,” the advisory explained.
Impact and Legacy
Impact and Legacy
As of late September 2025, Akira ransomware is reported to have accrued approximately $244.17 million in ransom payments. The sum highlights not only the financial impact but also the effectiveness of the Akira group in infiltrating critical networks. “This places Akira among the most financially damaging ransomware groups operating today,” emphasized cybersecurity analysts.
Career Journey
Early versions of Akira utilized C++ for coding and appended encrypted files with a .akira extension. However, more recent attacks have shifted toward using a Megazord encryptor, a Rust-based tool, that changes the file extension to .powerranges. This evolution in tactics underscores the persistent threat posed by ransomware variants such as Akira.
For organizations confronting this issue, the advisory seeks to create a comprehensive awareness around potential vulnerabilities and steps to mitigate these risks. Through regular updates and the sharing of critical intelligence about emerging threats, the #StopRansomware initiative reflects a proactive stance against ransomware in today’s increasingly digital landscape.
“Organizations must remain vigilant and continually update their security measures to stay ahead of evolving threats like Akira,” the advisory concluded. The ongoing collaboration between federal agencies and international cybercrime units represents a unified front in addressing the critical and growing challenge posed by ransomware.
