The Howling Scorpius ransomware gang, also known as Akira, is a rapidly evolving ransomware-as-a-service (RaaS) group that has been active since at least March 2023.
The group is operationally aggressive and keeps developing new techniques to escalate privileges, move laterally, and avoid detection.
They have targeted organizations across multiple industries worldwide, focusing on enterprises that deliver remote monitoring and management (RMM), managed services, and managed security services (MSS).
Affiliates use a variety of techniques to bypass and disable endpoint protection platforms, and have also attempted to disable and uninstall security software on victims’ systems as part of their infections.
The group operates under a ransomware-as-a-service model, charging affiliates a fee and providing the tools to conduct attacks.
The group is increasingly targeting ESXi servers and has developed a variant that specifically targets virtual machine (VM) files.
Organizations can protect themselves from threats posed by the Howling Scorpius group with proactive defense measures that can detect and prevent such activity before data loss occurs.