securityonline.info
2600:1f10:4c55:e23d:5d5b:8bb5:8ae2:1fff
Public Scan
URL:
https://securityonline.info/akira-ransomware-exploit-cve-2024-40766-in-sonicwall-sonicos/
Submission: On December 05 via api from IN — Scanned from US
Form analysis
3 forms found in the DOM
https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>
https://securityonline.info/
<form role="search" class="search-form" action="https://securityonline.info/"><label><span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" name="s"></label>
<input type="submit" class="search-submit" value="Search">
</form>
<form class="gsc-search-box gsc-search-box-tools" accept-charset="utf-8">
<table cellspacing="0" cellpadding="0" role="presentation" class="gsc-search-box">
<tbody>
<tr>
<td class="gsc-input">
<div class="gsc-input-box" id="gsc-iw-id1">
<table cellspacing="0" cellpadding="0" role="presentation" id="gs_id50" class="gstl_50 gsc-input" style="width: 100%; padding: 0px;">
<tbody>
<tr>
<td id="gs_tti50" class="gsib_a"><input autocomplete="off" type="text" size="10" class="gsc-input" name="search" title="search" aria-label="search" id="gsc-i-id1" dir="ltr" spellcheck="false"
style="width: 100%; padding: 0px; border: none; margin: 0px; height: auto; background: url("https://www.google.com/cse/static/images/1x/en/branding.png") left center no-repeat rgb(255, 255, 255); outline: none;"></td>
<td class="gsib_b">
<div class="gsst_b" id="gs_st50" dir="ltr"><a class="gsst_a" href="javascript:void(0)" title="Clear search box" role="button" style="display: none;"><span class="gscb_a" id="gs_cb50" aria-hidden="true">×</span></a></div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td class="gsc-search-button"><button class="gsc-search-button gsc-search-button-v2"><svg width="13" height="13" viewBox="0 0 13 13">
<title>search</title>
<path
d="m4.8495 7.8226c0.82666 0 1.5262-0.29146 2.0985-0.87438 0.57232-0.58292 0.86378-1.2877 0.87438-2.1144 0.010599-0.82666-0.28086-1.5262-0.87438-2.0985-0.59352-0.57232-1.293-0.86378-2.0985-0.87438-0.8055-0.010599-1.5103 0.28086-2.1144 0.87438-0.60414 0.59352-0.8956 1.293-0.87438 2.0985 0.021197 0.8055 0.31266 1.5103 0.87438 2.1144 0.56172 0.60414 1.2665 0.8956 2.1144 0.87438zm4.4695 0.2115 3.681 3.6819-1.259 1.284-3.6817-3.7 0.0019784-0.69479-0.090043-0.098846c-0.87973 0.76087-1.92 1.1413-3.1207 1.1413-1.3553 0-2.5025-0.46363-3.4417-1.3909s-1.4088-2.0686-1.4088-3.4239c0-1.3553 0.4696-2.4966 1.4088-3.4239 0.9392-0.92727 2.0864-1.3969 3.4417-1.4088 1.3553-0.011889 2.4906 0.45771 3.406 1.4088 0.9154 0.95107 1.379 2.0924 1.3909 3.4239 0 1.2126-0.38043 2.2588-1.1413 3.1385l0.098834 0.090049z">
</path>
</svg></button></td>
<td class="gsc-clear-button">
<div class="gsc-clear-button" title="clear results"> </div>
</td>
</tr>
</tbody>
</table>
</form>
Text Content
Cybersecurity News

Malware / Vulnerability

AKIRA RANSOMWARE EXPLOIT CVE-2024-40766 IN SONICWALL SONICOS

by do son · October 21, 2024

The attack chain | Image: S-RM

The notorious Akira ransomware group continues to adapt and refine its methods, solidifying its position as one of the most significant threats in the cyber landscape. According to a recent report from Cisco Talos, Akira’s success lies in its constant evolution and tactical shifts, as the group moves beyond traditional ransomware techniques to remain a potent force in the realm of cybercrime.

A key highlight from the Cisco Talos report is the observation of Akira’s novel iteration targeting both Windows and Linux hosts. “Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape,” the report states.

The group has demonstrated agility, deploying new versions of its ransomware encryptor throughout 2024. Earlier in the year, Akira developed a Rust variant of their ESXi encryptor, abandoning C++ in favor of more efficient programming techniques. This evolution marks a pivotal shift in the group’s technical approach, with significant updates in their encryption and exfiltration strategies.

The new encryptor, particularly the Rust-based variant, highlights Akira’s drive for stability and efficiency, underscoring the adaptability of their affiliate operations. However, Cisco Talos recently observed a potential shift back to previous encryption methods alongside data theft extortion tactics.

Affiliates of the Akira ransomware group have capitalized on exposed vulnerabilities, swiftly adapting to newly disclosed CVEs for initial access and privilege escalation within compromised environments. Most recently, Akira ransomware affiliates targeted vulnerable network appliances using CVE-2024-40766, an exploit found in SonicWall SonicOS, which facilitated remote code execution on affected devices. Other critical vulnerabilities abused by Akira affiliates include CVE-2020-3259 in Cisco Adaptive Security Appliances and CVE-2023-48788 in FortiClientEMS.

These tactics enable rapid deployment of ransomware and the exfiltration of victim data, a crucial step in Akira’s double extortion model. This method not only encrypts the victim’s files but also threatens to leak sensitive data if the ransom demands are not met, providing Akira with substantial leverage over its victims.

Cisco Talos reports that the group may be transitioning from the Rust-based Akira v2 variant back to earlier Windows and Linux encryptors written in C++. This tactical pivot suggests a refocus on time-tested techniques, allowing the ransomware to maintain operational stability while continuing to target multiple operating systems.

Akira’s evolving approach to encryption includes the use of the ChaCha8 stream cipher in newer variants, prioritizing efficiency and speed during ransomware attacks. The swift encryption and exfiltration operations allow the ransomware group to maximize damage in a short timeframe, as demonstrated in their recent attacks on manufacturing and technical services sectors.

The Cisco Talos report warns that Akira is likely to continue its campaign of exploiting high-impact vulnerabilities, especially in enterprise environments such as VMware ESXi and Linux servers. These platforms, which host critical infrastructure and high-value data, are attractive targets for ransomware operators seeking to inflict widespread disruption with minimal lateral movement.

“We anticipate Akira will continue refining its tactics, techniques, and procedures (TTPs), developing its attack chain, adapting to shifts in the threat landscape, and striving for greater effectiveness in its RaaS operations,” the report concludes.

RELATED POSTS:
* Fog & Akira Ransomware Exploit Critical Veeam RCE Flaw CVE-2024-40711 After PoC Release
* Akira Ransomware: The New Threat Targeting Windows & Linux
* Akira Goes Stealthy: Ransomware Group Prioritizes Data Theft for Extortion
* Akira Ransomware Now Uses APT-Style Tactics to Breach Corporate Networks

Tags: ChaCha8, CVE-2020-3259, CVE-2023-20269, CVE-2023-48788, CVE-2024-37085, CVE-2024-40711, CVE-2024-40766