logo

Akira, LimeWire, and the Sour Taste of Data Exfiltration

ID: c654600d-90ce-5144-bda3-da28c0b92d06

STIX ID: report--c654600d-90ce-5144-bda3-da28c0b92d06

Feed Name: Huntress Blog

Threat Score
75/100

Date Published: 2026-06-12

Date Updated: 2026-06-25

...
...

Huntress SOC investigated an Akira ransomware incident in which a threat actor accessed a domain controller, instantiated a new VM on the victim's hypervisor to bypass endpoint security, staged and exfiltrated data using WinRAR/WinSCP and Easyupload.io (LimeWire), then launched akira.exe to encrypt mounted shares; analysts mounted the provided VHDX to recover telemetry and identified IoCs including read files and the Akira binary SHA256.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.