US government agencies warn that the Akira ransomware operation has expanded its encryption capabilities to Nutanix AHV virtual machines, targeting their disk files. Recent investigations reveal that Akira now directly encrypts Nutanix VM disk files with minimal platform interaction, indicating evolving tactics.
Key points
- Akira ransomware has been encrypting Nutanix AHV VM disk files since June 2025.
- The attack exploits the CVE-2024-40766 vulnerability on SonicWall firewalls.
- Akira's Linux encryptor directly targets .qcow2 files, without first shutting down the VMs through platform commands.
- Intrusion methods include using stolen credentials, exploiting vulnerabilities, and lateral movement tools.
- Organizations are advised to update mitigation strategies, including regular backups and patching known vulnerabilities.