Recent research indicates Akira can move from initial access to full network encryption in under four hours .
While originally focused on Windows, the group has expanded to encrypt Linux and VMware ESXi virtual machines. Most recently, in June 2025, they began targeting Nutanix AHV environments. Akira Client
They often use legitimate tools like AnyDesk , LogMeIn , and FileZilla to maintain persistence and exfiltrate data while blending in with normal admin activity. 2. Akira "Ghost Client" (Minecraft) Recent research indicates Akira can move from initial
If you or a client has been impacted by an Akira ransomware attack, law enforcement agencies recommend the following steps: Cisco Anyconnect Vulnerability Analysis - Akira Ransomware in June 2025