Akira Hackers Shrink Encryption Timeline to Under One Hour
Hey there, superstar! Imagine you have a special toy box, and inside are all your favorite toys.
Now, there are some naughty people called "Akira Hackers." They're like super-fast tricksters! They found a secret, wobbly spot in some toy boxes (computers) that weren't fixed yet.
They can sneak in super-duper fast, sometimes in just one hour! It's like they can lock your toy box with a magic lock almost instantly. They don't even lock all your toys, just enough so you can't play until someone helps unlock it.
It's important to keep our toy boxes safe and strong, like having a super-hero guard, so these tricksters can't get in so easily!
The post Akira Hackers Shrink Encryption Timeline to Under One Hour appeared first on DIGIT.
A notorious ransomware group has been observed leveraging long‑standing exploits and stolen credentials to slip past MFA protections and execute attacks in as little as one hour.
Tracking the well-known Akira ransomware group, security researchers from Halcyon witnessed hackers abusing CVE-2024-40766 to gain unauthorised access to SonicWall management interfaces and configuration backups on unpatched devices.
They then brute‑forced the MySonicWall Cloud Backup API to steal customer configuration files. These held encrypted credentials, which were cracked offline, giving the hackers valid usernames and passwords – some of which had never been reset, even on patched hardware.
Recovery codes and plaintext credentials found in these environments allowed threat actors to bypass MFA entirely, letting them log in to portals as if they were legitimate users.
Detailing the hackers’ methods, Halcyon warned that this foothold “rapidly cascades into full domain compromise and the exposure of virtually every sensitive data type in the target environment”, with typical attacks taking less than four hours from initial access to encryption.
This speed is down to Akira’s “intermittent encryption” method, where hackers divide large files into blocks, then encrypt only a portion of each block, leaving the rest unencrypted. In one instance, this tactic allowed the group to shrink the time from access to encryption to just one hour.
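A defender-side illustration of the block pattern described above, as an added example that is not from the article or from Halcyon: it measures entropy per window and flags files where high- and low-entropy windows alternate. The window size, thresholds and sample layout are assumptions, and the samples are constructed, with hash output standing in for ciphertext.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096  # bytes per measurement window (assumed value)
HIGH = 7.5     # bits/byte at or above which a window looks encrypted (assumed)
MIN_FLIPS = 4  # high/low transitions needed to call the pattern repeated (assumed)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def window_profile(data: bytes, window: int = WINDOW) -> list:
    """One bool per window: True where the window's entropy looks like ciphertext."""
    return [entropy(data[i:i + window]) >= HIGH
            for i in range(0, len(data), window)]

def looks_intermittent(data: bytes, window: int = WINDOW) -> bool:
    """Flag files that mix high- and low-entropy windows in a repeating pattern."""
    prof = window_profile(data, window)
    flips = sum(a != b for a, b in zip(prof, prof[1:]))
    return 0 < sum(prof) < len(prof) and flips >= MIN_FLIPS

def _pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def build_samples():
    """Constructed samples: plain log text, all filler, filler at each block start."""
    text = (b"2025-01-01 12:00:00 INFO service heartbeat ok\n" * 6000)[:256 * 1024]
    full = _pseudo_random(len(text), b"full")
    block, part = 64 * 1024, 16 * 1024  # constructed layout, not Akira's real sizes
    partial = bytearray(text)
    for off in range(0, len(partial), block):
        partial[off:off + part] = _pseudo_random(part, off.to_bytes(8, "big"))
    return text, full, bytes(partial)

if __name__ == "__main__":
    for name, sample in zip(("text", "full", "partial"), build_samples()):
        print(name, round(entropy(sample), 2), looks_intermittent(sample))
```

Compressed and media formats also score high per window, so a hit is a triage signal rather than proof of encryption.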
While this is not a new threat, with SonicWall connecting it to an earlier 2024 CVE and releasing mitigation guidance in relation to CVE-2024-40766 in August last year, Akira has used this first point of compromise to speed up its attacks, with Halcyon saying it has allowed the group to compromise hundreds of victims in the last twelve months.
In January, a study by ReliaQuest found that Akira was one of the most prolific ransomware groups of Q4’2025, claiming over 200 victims, with separate reports indicating that the group demands initial ransoms averaging $925,666.
With the prospect of a potential million-dollar payout, Halcyon is urging firms to adopt a layered defence, aligned with mitigating the most common ransomware methods.
Organisations should begin by hardening initial access vectors, focusing on exposure from trusted sources and third-party pathways, and look to limit lateral movement and credential abuse through continuous monitoring of remote services and valid accounts.
“Akira’s combination of rapid compromise capabilities, disciplined operational tempo, and investment in reliable decryption infrastructure sets it apart from many ransomware operators,” concluded Halcyon’s researchers.
“Organisations that have not yet addressed exposed VPN appliances, legacy credential hygiene, and gaps in MFA enforcement remain at significant risk. Defenders should treat Akira not as an opportunistic threat, but as a capable, persistent adversary that will exploit every available weakness to reach its objective.”