Prevent undetectable malware and 0-day exploits with AppGuard!

The ransomware landscape continues to worsen, and the latest report on Akira ransomware makes this clearer than ever.

According to new coverage from The Record, the Akira ransomware gang has received nearly 250 million dollars in ransom payments since it appeared in March 2023. This extensive financial damage highlights how quickly modern ransomware groups can compromise systems and force organizations into crisis.
(Source: therecord.media)

Akira's rapid growth and evolving tactics

The Record’s reporting outlines just how aggressive and adaptable Akira has become. The FBI advisory notes:

  • Akira has targeted many sectors including manufacturing, IT, education, and healthcare.

  • The group often gains entry by exploiting known vulnerabilities in VPN products, such as a bug tracked as CVE-2024-40766.

  • Attackers use legitimate remote access tools like AnyDesk and LogMeIn to blend in with normal administrative activity.

  • In some cases, Akira begins data exfiltration within only two hours of initial access.

  • The group has been observed disabling or uninstalling endpoint detection and response tools after breaching a system.
    (Source: therecord.media)
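Two of the behaviours listed above leave traces a defender can look for before encryption starts: legitimate remote access tools appearing on hosts where nobody installed them, and endpoint protection services being stopped or uninstalled. The following is an added example, not code from the article or the FBI advisory; it runs a minimal detection pass over constructed log lines. The log layout, the field names and the protected service names are assumptions, and the tool names come from the advisory.

```python
# Added example, not from the article or the FBI advisory it cites: a minimal
# detection pass over constructed endpoint log lines for remote access tool
# execution and protection tampering. Log layout, field names and service
# names are assumptions; AnyDesk and LogMeIn are the tools the advisory names.
import re
from collections import namedtuple
from datetime import datetime

Alert = namedtuple("Alert", "line_no when rule detail")

REMOTE_ACCESS_TOOLS = ("anydesk", "logmein")      # named in the advisory
PROTECTED_SERVICES = ("edr-sensor", "av-engine")  # hypothetical placeholders

# Assumed layout: "<ISO-8601 time> <host> <event> key=value key=value ..."
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(.*)$")

def scan(lines):
    """Return Alerts for remote-tool execution and protection tampering."""
    alerts = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # lines outside the assumed layout are skipped
        ts, host, event, rest = m.groups()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        kv = dict(re.findall(r"(\w+)=(\S+)", rest))
        name = kv.get("image", kv.get("service", "")).lower()  # case-insensitive
        if event == "process_start" and any(t in name for t in REMOTE_ACCESS_TOOLS):
            alerts.append(Alert(n, when, "remote_access_tool", f"{host} {name} user={kv.get('user')}"))
        elif event in ("service_stop", "service_uninstall") and name in PROTECTED_SERVICES:
            alerts.append(Alert(n, when, "protection_tampering", f"{host} {event} {name}"))
    return alerts

def minutes_to_tampering(alerts):
    """Minutes from first remote-tool alert to first tampering alert, or None."""
    tool = next((a.when for a in alerts if a.rule == "remote_access_tool"), None)
    tamper = next((a.when for a in alerts if a.rule == "protection_tampering"), None)
    if tool is None or tamper is None:
        return None
    return (tamper - tool).total_seconds() / 60

# Constructed sample telemetry, not real data.
SAMPLE_LOG = [
    "2024-05-01T02:10:11Z srv01 process_start image=C:\\Users\\ops\\AnyDesk.exe user=ops",
    "2024-05-01T02:12:40Z srv01 service_stop service=edr-sensor user=ops",
    "2024-05-01T02:13:05Z srv01 service_uninstall service=EDR-Sensor user=ops",
    "2024-05-01T02:15:00Z srv02 process_start image=C:\\Windows\\notepad.exe user=jane",
    "malformed line",
]
```

The gap between the first remote-tool alert and the first tampering alert is the window in which a response can still matter; on the sample it is under three minutes, which illustrates why the advisory's two-hour figure leaves so little room.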

Akira originally focused on Windows systems but has since expanded to Linux servers and VMware ESXi environments. This expansion makes the threat relevant to nearly all modern business IT stacks, especially small and mid-sized companies that depend on virtualization but may not have strong security controls in place.

Why Detect and Respond continues to fall short

Many organizations still rely heavily on tools and strategies built around the Detect and Respond model. These tools attempt to identify suspicious behavior and then alert administrators so they can respond. The challenge is that groups like Akira are now expert at sidestepping or disabling these systems.

The Record notes that Akira disables antivirus and EDR tools shortly after gaining access. Once those tools are removed or neutralized, there is no visibility and no detection. The attackers then use legitimate administrative tools to move laterally, making their activity even harder to identify. When data is stolen or encryption begins within hours, there is little time left to intervene.

This timeline demonstrates why detection alone is no longer enough. If your defensive strategy depends on noticing an attack and then reacting to it, your risk remains extremely high. By the time the alert fires, attackers may have already taken what they need.

Isolation and Containment is now essential

Businesses need an approach that does not rely on detecting malicious behavior after it starts. What is needed is a model that prevents unauthorized actions from executing in the first place. This is the core strength of AppGuard.

AppGuard uses a patented Isolation and Containment strategy that blocks malicious actions automatically. It does not depend on signatures, indicators of compromise, or behavior analytics. Instead, it prevents processes and applications from performing actions that could be harmful.

Against threats like Akira, this approach provides critical advantages:

  • Even if attackers gain access using stolen credentials or VPN vulnerabilities, unauthorized actions cannot execute.

  • Attackers cannot disable protection tools because those actions are blocked at the kernel level.

  • Lateral movement attempts are contained and prevented from impacting other systems.

  • Data exfiltration or ransomware encryption cannot begin because the underlying malicious processes are never allowed to run.

This is why more organizations are shifting away from Detect and Respond and adopting solutions that put prevention first.

Business owners cannot ignore this trend

The fact that Akira has extorted more than 244 million dollars in under two years should concern every business owner. This is not a threat that only targets large corporations. Small and mid-sized organizations are often hit hardest because they lack the resources to quickly recover from data theft, downtime, or public exposure.

When ransomware groups strike, the financial cost is only part of the damage. Operations can be disrupted for days or weeks, customer trust can be harmed, and regulatory consequences can follow.

A shift in strategy is required. Waiting to detect ransomware is no longer enough. Isolation and Containment offers a path to preventing the attack from ever succeeding.

Call to Action

If you are a business owner who wants to strengthen your protection against threats like Akira, CHIPS can help you implement AppGuard. Its proven 10-year track record and unique Isolation and Containment approach can prevent the types of attacks described in The Record’s report. Contact us to learn how AppGuard can protect your organization and help you move away from Detect and Respond toward a stronger, prevention-focused model.
