March 6, 2025 By Bill Toulas
The Akira ransomware gang was spotted using an unsecured webcam to launch encryption attacks on a victim's network, effectively circumventing Endpoint Detection and Response (EDR), which was blocking the encryptor in Windows.
Cybersecurity firm S-RM team discovered the unusual attack method during a recent incident response at one of their clients.
Notably, Akira only pivoted to the webcam after attempting to deploy encryptors on Windows, which were blocked by the victim's EDR solution.
Akira's unorthodox attack chain
The threat actors initially gained access to the corporate network via an exposed remote access solution at the targeted company, likely by leveraging stolen credentials or brute-forcing the password.
After gaining access, they deployed AnyDesk, a legitimate remote access tool, and stole the company's data for use as part of the double extortion attack.
Next, Akira used Remote Desktop Protocol (RDP) to move laterally and expand their presence to as many systems as possible before deploying the ransomware payload.