Akira Ransomware Is Now Targeting Nutanix VMs - and Scoring Big Rewards

Summary

Akira ransomware has expanded its campaign to encrypt Nutanix AHV virtual‑machine disk files, a move first observed in June 2025, according to a joint advisory from CISA, DC3 and other agencies. The attackers first exploit a critical 9.6‑score SonicWall SonicOS vulnerability (CVE‑2024‑40766) to gain footholds, then leverage unpatched Veeam Backup & Replication flaws (CVE‑2023‑27532 or CVE‑2024‑40711) and legitimate remote‑access tools for lateral movement and backup deletion. The group has already extorted more than $240 million from victims, having previously compromised at least 30 organizations via the SonicWall bug. Security experts urge immediate patching, strong endpoint protection and enforced multi‑factor authentication.