Skip to content

Akira Ransomware Mutates to Target Linux Systems, Adds TTPs

Posted by: GuidePoint Security

< 1 min read

September 22, 2023 – Published on Dark Reading

Arika ransomware has continued to evolve since emerging as a threat in March, expanding its reach from initially targeting Windows systems to include Linux servers and employing a growing array of tactics, techniques, and procedures (TTPs).

The infection chain actively targets Cisco ASA VPNs lacking multifactor authentication to exploit the CVE-2023-20269 vulnerability as an entry point.

As of early September, the group had successfully hit 110 victims, focusing on targets in the US and the UK.

According to a recent GuidePoint Security’s GRIT report, educational organizations have been disproportionately targeted by Akira, representing eight of its 36 observed victims.

The ransomware campaign involves multiple malware samples that carry out various steps, including shadow copy deletion, file search, enumeration, and encryption, when executed.

Read More HERE.

Categories: Incident Response & Threat Intelligence News
Tags:GRIT®ransomware

GuidePoint Security

GRIT 2025 Q1 Ransomware & Cyber Threat Report
Trends and threats from the past year, with insights to protect your organization.
Download Now

Related Articles

View All

  • Blog
Navigating Incident Response Documentation
Posted by: Robert Bell
Read More 3 min read
  • GRIT® Blog
Interlock Intrusion: How Interlock Achieves Encryption
Posted by: Jean-Pierre Mouton
Read More 9 min read
  • News
Wiz on Cloud Security in 2025: Navigating the Future of Cyber Threats and Defense
Read More 5 min read