Akira, LimeWire, and the Sour Taste of Data Exfiltration

A Huntress SOC investigation uncovered an Akira ransomware affiliate using an unusual attack chain: the threat actor accessed a hypervisor, spun up a new virtual machine (bypassing installed security tooling), disabled Microsoft Defender, archived target data with WinRAR, and exfiltrated it via Easyupload.io — a file-sharing site now owned by the rebranded LimeWire platform. The VHDX image of the VM provided forensic analysts a clear timeline of attacker activity, including Active Directory enumeration, lateral movement to file servers, and rapid ransomware deployment. The incident highlights how RaaS affiliates adapt TTPs, including creating new VMs to evade endpoint security stacks, and underscores the need to monitor for new endpoint creation within environments.

Nguồn: https://www.huntress.com/blog/akira-ransomware-limewire-data-exfiltration. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.

Đề xuất cho bạn

Dark Reading06 phút11 giờ trước

Europe Evolves Into Ransomware's Favorite Region

Ransomware attacks in Europe surged 55% in the first four months of 2026 compared to the same period in 2025, with France seeing a 119% increase and Italy 92%. Researchers from Black Kite attribute the shift to US market oversaturation and AI-assisted target research pointing attackers toward European organizations. The number of active ransomware groups has grown from 60 in 2023 to 150 today, filling the vacuum left by law enforcement takedowns of major RaaS operations. Manufacturing and digital services sectors are primary targets, largely because attackers exploit supply chain leverage — breaching one vendor to access hundreds of downstream clients, as demonstrated by the Miljödata attack that exposed data from ~200 Swedish municipalities. Experts recommend organizations map fourth- and fifth-party vendor dependencies and rank vendors by risk proactively rather than reactively.

#security#ransomware