Threat that thrives in enterprise blind spots: Experts indicate that Akira leverages the blind spots that enterprises acknowledge but rarely fix. Of the blind spots, remote access tops the list, followed by patching. “Akira wins not because it has reinvented ransomware, but because it has perfected the parts enterprises fail to take seriously. It exploits the inertia around forgotten VPN appliances, under-patched firewalls, ageing backup servers, and edge devices that fall outside everyday security conversations. The threat is subtle, persistent, and designed to thrive in the grey areas that organisations neglect,” said Gogia. Gogia noted that network appliances and backup platforms are often months or years behind on updates, which is why Akira regularly exploits Cisco ASA, SonicWall, ESXi, and Veeam vulnerabilities that should have been long closed.
Rethinking ransomware defence: While the standard guidance includes patching, MFA, and regular backups, the Akira wave drives home a clear need for additional defence mechanisms to be put in place. “In 2025 alone, Akira ransomware accounted for about 811% of all successful ransomware attacks globally, with a 38% increase in incident count and a notable expansion into multi-platform attack methods,” said Devroop Dhar, co-founder and MD at Primus Partner. “This versatility means simultaneous disruption of endpoints and core business infrastructure, demonstrating a calculated, long-term vision by Akira’s developers to match the complexity and hybrid nature of modern enterprise systems.” “Best practice now means robust network segmentation to confine breaches, vigilant monitoring for unusual admin activity, and extending detection and response to backup servers, hypervisor consoles, and connected devices,” added Dhar. Proactive threat hunting, strict privilege management, and rehearsed recovery plans are vital, too, noted Dhar. Enterprises must also rehearse full-scale ransomware scenarios. “These exercises need to blend technical recovery with legal strategy, communication plans, and data leak contingencies. The organisations that withstand Akira are not the ones with the most tools. They are the ones that have integrated their defences, shortened their detection windows, and treated resilience as an operational discipline rather than an aspiration,” added Gogia. Dhar added that thinking like an attacker is now an essential skill, and plugging the gaps before they are exploited is what stands between disruption and survival.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4090995/akira-ransomware-expands-to-nutanix-ahv-raising-stakes-for-enterprise-security.html

