January 2025 marked a significant month in the ransomware landscape, with Akira emerging as the leading threat.<\/p>\n
According to recent reports, Akira was responsible for 72 attacks globally, highlighting its rapid rise in prominence.<\/p>\n
This surge in activity is part of a broader trend where ransomware groups<\/a> are becoming increasingly sophisticated in their tactics and targets.<\/p>\n In January, Akira emerged as the most active ransomware group, with a 60% increase in activity due to its effective use of Python-based malware and exploitation<\/a> of critical infrastructure vulnerabilities.<\/p>\n Meanwhile, new ransomware groups like MORPHEUS and Gd Lockersec have entered the scene, with MORPHEUS claiming three victims since December 2024 and Gd Lockersec targeting five by the end of January.<\/p>\n MORPHEUS and HellCat share a codebase, deploying 64-bit executable payloads that exclude certain system files from encryption<\/a>, while Gd Lockersec focuses on financial gains and avoids attacking entities in specific countries and non-profit hospitals.<\/p>\n The Manufacturing sector remained the primary target, with 75 reported incidents, while the IT sector saw a 60% increase due to its critical data and supply chain access.<\/p>\n While besides this, the security researchers at Cyfirma noted<\/a> that geographically, the United States was the most targeted region, with 259 incidents, followed by Canada, the UK, France, and Germany\u2014nations frequently targeted for their strong economies and data-rich enterprises.<\/p>\n These backdoors establish SOCKS5 tunnels, facilitating lateral movement and ransomware deployment while evading detection.<\/p>\n The ransomware landscape in January 2025 was marked by increased sophistication and targeted attacks.<\/p>\n With such rapid evolution it is crucial for organizations to enhance their cybersecurity measures<\/a>.<\/p>\n This includes monitoring for Python-based malware, securing VMware ESXi systems, and implementing robust access controls.<\/p>\n The post Akira Ransomware Leads The Number of Ransomware Attacks For January 2025<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi21XRw9HD0ATSB5jetoBXOsBx9pyVolskInhF-S3ieMWCBBUuL6KOh-lRqqdu4_vG8DSKIkvGeQMpM_FFz3_ydILKGjCvWKzruIc5uNslfqEE105tqze5stQE2ikHJk2zmecsA1Q9dka7g6ZLOOfbGOTCMfoa1ivJk04TZmz5qtLRztsyY5xwxS0-FnFY\/s16000\/Ransomware%2520Trends%2520Graph%2520%28Source%2520-%2520Cyfirma%29.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhNTw8LaCgBhhDFMO5lCh8VAhc6dy7s_T3FHZLlqESVM-8Ort3QLJFcZQEj4NJPQCNd3bQe-swi5wpfSVRNxfL2U6j7GRxM9dRPKY0Uuk7APXNGgI5Q7nwQRlUudcx0OyA5eqmwRdNV1C43zsq7GXh2fdKZxPmEcLyfDoc8HrICBHIldcQbM6SaVgssuxA\/s16000\/MORPHEUS%2520Onion%2520Site%2520%28Source%2520-%2520Cyfirma%29.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjqtc6n9WjI3oyRPjEep965K2Pel57RW1LGk-mnvPl8Enfyve8UtyvO5QKz3UwDrBsdTOlIOS-HhZSlQv_fsiiQ9dbCfMyO9oYnrpGea9aUVW1jk1dv5sc0-UbEu9CZr3Ci2Iza5XCGmMw-sqGhWADe3vybakOLaKcY4pOYjAiCJER-j14MOn1JyMe5USU\/s16000\/Gd%2520Lockersec%2520Onion%2520Site%2520%28Source%2520-%2520Cyfirma%29.webp?ssl=1\")
![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjihjRKBgtX8tPZT-OmwYpqYgvROv6lxmjlI4br9qkTimTIx-s3gI59KA0wOAHZGwW5JMv1-HcLfDDrEgaJX-YRUMJz3Cm-QlZsAKDxXUbeD1MOWIfPT-FYXmD545UPZNaRbmdziGVAFHT64-4iYiisIjBHpwRRkwhFXp6ZeR5Hv96Mgo91J56HLrMFa1g\/s16000\/Top%2520Locations%2520Targeted%2520%28Source%2520-%2520Cyfirma%29.webp?ssl=1\")
Akira Attack Chain<\/strong><\/h2>\n
\n
# Example of Python-based backdoor code\n import socket\n import socks\n\n # Establishing a SOCKS5 connection\n socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, '127.0.0.1', 9050)\n socks.wrapmodule(socket)\n\n # Creating a reverse proxy for communication\n def create_reverse_proxy():\n # Code to handle reverse proxy logic\n pass<\/code><\/pre>\n\n
# Example of SSH tunneling command\n ssh -L 8080:localhost:8080 user@esxi-host<\/code><\/pre>\nAre you from SOC\/DFIR Team? - Join 500,000+ Researchers to Analyze Cyber Threats with ANY.RUN Sandbox -\u00a0Try for Free<\/a><\/code><\/strong><\/code><\/strong><\/p>\n