24.Key Code

The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach.

Arika ransomware has continued to evolve since emerging as a threat in March, expanding its reach from initially targeting Windows systems to include Linux servers and employing a growing array of tactics, techniques, and procedures (TTPs).

An in-depth report on Akira from LogPoint breaks down the "highly sophisticated" ransomware, which encrypts victim files, deletes shadow copies, and demands ransom payment for data recovery. 

The infection chain actively targets Cisco ASA VPNs lacking multifactor authentication to exploit the CVE-2023-20269 vulnerability as an entry point.

As of early September, the group had successfully hit 110 victims, focusing on targets in the US and the UK.