CISA flags imminent threat as Akira ransomware starts hitting Nutanix AHV

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors.

In an updated advisory produced with the FBI and European law enforcement partners, it said Akira has expanded its capabilities and is now targeting Nutanix AHV virtual machines, an evolution from its previous attacks against VMware ESXi and Hyper-V.

The agencies spotted attacks against Nutanix hypervisors in June, but did not specify the affected organizations, and added that the data informing the advisory is as recent as November 2025.

Critical national infrastructure (CNI) organizations were urged to be on high alert for a new breed of attacks coming from the Russian ransomware outfit as it looks to further its criminal revenues, currently pegged at $244.17 million.

Nutanix's hypervisors are among the market leaders and are typically used in sectors such as ...