All news with #veeam tag

Akira ransomware linked to $244M in illicit proceeds

🔒 A joint US and international advisory on 14 November attributes approximately $244.17m in illicit proceeds to the Akira ransomware group since late September 2025. The advisory reports rapid data exfiltration in some incidents and details exploitation of SonicWall CVE-2024-40766, expansion to Nutanix AHV disk encryption, and attacks leveraging SSH and unpatched Veeam servers. Operators employ initial access brokers, tunnelling tools and remote access software such as AnyDesk to persist and evade detection. Organisations are urged to prioritise patching, enforce phishing-resistant MFA, and maintain offline backups.

CIO100 & CSO30 ASEAN Awards Celebrate Tech Leadership

🏆 The CIO100 and CSO30 ASEAN and Hong Kong Awards Gala on November 12, 2025 validated the region's maturing technology leadership, drawing winners and teams from Singapore, Malaysia, Indonesia, Vietnam, Cambodia, Thailand, Hong Kong and the Philippines. With a record 243 nominations, the program highlighted artificial intelligence as the defining strategic imperative reshaping operations, innovation and security. Judges prioritized clear, measurable business impact, recognizing cybersecurity leaders and collaborative public–private initiatives. Headline sponsor was AWS.

CISA: Akira Ransomware Now Targets Nutanix AHV VMs

🛡️ U.S. cybersecurity agencies warn that the Akira ransomware operation has expanded to encrypt Nutanix AHV virtual machine disk files, with the first confirmed incident in June 2025. Akira Linux encryptors have been observed targeting .qcow2 virtual disk files directly rather than using AHV management commands. The advisory cites exploitation of SonicWall CVE-2024-40766 and includes new IOCs and mitigation recommendations.

CISA Updates Advisory: Akira Ransomware Evolution Update

🔐 CISA and partner agencies published an updated advisory on Nov. 13, 2025, detailing new indicators, tactics, and detection guidance related to Akira ransomware. The update documents expanded targeting across Manufacturing, Education, IT, Healthcare, Financial, and Food and Agriculture, and links activity to groups such as Storm-1567 and Punk Spider. Key findings include exploitation of edge and backup vulnerabilities, use of remote management tools for defense evasion, and a faster, more destructive Akira_v2 variant that complicates recovery.

Agenda (Qilin) weaponizes Linux binaries against Windows

🛡️ Trend Micro reports that the Agenda (Qilin) ransomware group is running a Linux-based encryptor on Windows hosts to evade Windows-only detections. The actors abused legitimate RMM and file-transfer tools — including ScreenConnect, Splashtop, Veeam, and ATERA — to maintain persistence, move laterally, and execute payloads. They combined social engineering, credential theft, SOCKS proxy injection, and BYOVD driver tampering to disable EDR and compromise backups, impacting more than 700 victims since January 2025.

Top Cyber Recovery Vendors and Platform Capabilities

🔒 Ineffective recovery processes and increasingly sophisticated ransomware are driving adoption of Cyber Recovery approaches that isolate and validate backups before restoring systems. Modern platforms combine immutable snapshots, sandboxed restores, and automated forensics with AI/ML-based detection to identify safe restore points and reduce downtime. Vendors highlighted include Acronis, Cohesity, Commvault, Dell, Druva, Rubrik, Veeam, Zerto.