Akira Ransomware Group Made $244 Million in Ransom Proceeds

The Akira ransomware group has made over $244 million in proceeds from its malicious activities, according to an updated joint advisory from government agencies in the US, France, Germany, and the Netherlands.

Active since at least March 2023, the hacking group is mainly known for deploying a ransomware variant tailored for VMware ESXi servers, in attacks targeting businesses and critical infrastructure organizations in North America, Europe, and Australia.

This year, however, the group expanded its toolset, and in a June 2025 attack it encrypted Nutanix Acropolis Hypervisor (AHV) VM disk files and exploited a SonicWall firewall vulnerability tracked as CVE-2024-40766.

Additionally, the ransomware gang started exploiting five more vulnerabilities for initial access this year, including CVE-2020-3580 (Cisco ASA and FTD), CVE-2023-28252 (Windows), CVE-2024-37085 (VMware ESXi), and CVE-2023-27532 and CVE-2024-40711 (Veeam Backup & Replication).

In addition to exploiting CVE-2024-40766, the Akira operators were seen compromising SonicWall appliances via stolen credentials. Initial ...