Akira, LimeWire, and the Sour Taste of Data Exfiltration
ID: c654600d-90ce-5144-bda3-da28c0b92d06
STIX ID: report--c654600d-90ce-5144-bda3-da28c0b92d06
Feed Name: Huntress Blog
Threat Score
Huntress SOC investigated an Akira ransomware incident in which a threat actor accessed a domain controller, instantiated a new VM on the victim's hypervisor to bypass endpoint security, staged and exfiltrated data using WinRAR/WinSCP and Easyupload.io (LimeWire), then launched akira.exe to encrypt mounted shares; analysts mounted the provided VHDX to recover telemetry and identified IoCs including read files and the Akira binary SHA256.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
