Throughout 2023 and into early 2024, Akira became one of the fastest growing ransomware variant focusing on both Windows, Linux, and VMware ESXi. The group targeted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia.

In this session we will present insights from the Truesec CSIRT team investigations of ransomware incidents linked to the Akira RaaS group. Discussing the techniques used by threat actors and describing how they successfully compromise and cripple their victims including details based on our special research about the abuse of CVE-2020-3259 on Cisco AnyConnect to gain initial access.