Dissecting Akira Ransomware: Techniques, Payloads, and Lessons Learned

Introduction

Following our last post on ransomware, we now look at one family in detail: Akira. In the crowded and ever-evolving ransomware landscape, Akira has quickly established itself as one of the most disruptive players. Emerging in March 2023, Akira targets organizations with a double-extortion playbook: it exfiltrates sensitive data before encrypting systems, forcing victims into a pay-or-leak dilemma.
Its cross-platform capabilities (Windows, Linux, ESXi) and rapid evolution, including a Rust-based variant dubbed Megazord, have made it a growing concern for sectors worldwide.

Akira is a Ransomware-as-a-Service (RaaS) family first observed in 2023 and highly active through 2024–2025, responsible for many incidents across industries and regions. It typically performs data exfiltration followed by encryption (double extortion).

Ransomware 101: Understanding the Threat

Introduction

Ransomware has evolved from being a nuisance for individual computer users to one of the most damaging threats to modern organizations.
It’s not just about encrypting files anymore — the latest ransomware operations have become full-fledged criminal enterprises, combining data theft, extortion, and public shaming into a single high-pressure attack model.

In this blog, we’ll establish a baseline understanding of ransomware — what it is, how it works, the different types, and why it remains a critical threat.
This foundation will set the stage for our upcoming deep dives into specific ransomware families and practical detection techniques.

Legacy code and deserialization

Insecure Deserialization in .NET: Risk and Fixing Legacy Code

Introduction

The previous post covered the introduction; in short, insecure deserialization is a critical vulnerability that often lurks in legacy systems and internal applications. Serialization and deserialization are foundational operations in modern software development, enabling communication between systems, data storage, and object persistence. However, improper use of deserialization, particularly with unsafe serializers like .NET’s BinaryFormatter, can open the door to severe vulnerabilities, including remote code execution (RCE).

This blog post will unpack the risks associated with insecure deserialization, illustrate real-world vulnerable patterns, and explore multiple remediation strategies. We’ll focus especially on the dangers of the legacy BinaryFormatter class and how developers can safely move away from it.

Insecure Deserialization: A Silent Killer in Modern Applications

In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. We delve into the intricacies of insecure deserialization and uncover its potential threats. I will also demonstrate practical examples in PHP, Java, and Python.

What is serialization?

Serialization is the process of converting complex data structures, such as objects and their fields, into a “flatter” format that can be sent and received as a sequential stream of bytes. Serializing data makes it much simpler to:

  • Write complex data to inter-process memory, a file, or a database
  • Send complex data, for example, over a network, between different components of an application, or in an API call

Crucially, when serializing an object, its state is also persisted. In other words, the object’s attributes are preserved, along with their assigned values.
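The following is an added Python example, not code from the original post, illustrating the point above: an object's state (its attributes and values) survives a serialize/deserialize round trip, and the deserialization side is where the risk the post discusses lives, because a format like pickle can name arbitrary classes. The `Session` class and its values are constructed for the example; the allowlisting unpickler and the data-only JSON alternative are the two defensive patterns shown.

```python
# Added example (not from the original post). Uses only the Python standard
# library; the Session class, its field values and the sample documents are
# constructed for illustration.
import io
import json
import pickle
from collections import OrderedDict


class Session:
    """Constructed sample object whose state (user, roles) must survive a round trip."""

    def __init__(self, user, roles):
        self.user = user
        self.roles = list(roles)

    def __eq__(self, other):
        return isinstance(other, Session) and self.__dict__ == other.__dict__


def sample_session():
    return Session("alice", ["reader", "admin"])


def pickle_round_trip(obj):
    """Serialize and deserialize with pickle. The attributes come back intact.
    Acceptable for bytes you produced yourself; pickle.loads on attacker-controlled
    bytes can instantiate whatever class the stream names."""
    return pickle.loads(pickle.dumps(obj))


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that resolves class references only from an explicit allowlist.
    Any other (module, name) pair raises, which is the safe default."""

    ALLOWED = {(Session.__module__, "Session"): Session}

    def find_class(self, module, name):
        cls = self.ALLOWED.get((module, name))
        if cls is None:
            raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")
        return cls


def safe_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()


def allowlist_round_trip(obj):
    """Round trip through the allowlisting unpickler; state is still preserved."""
    return safe_loads(pickle.dumps(obj))


def rejects_unknown_class():
    """True if the allowlist unpickler refuses a stream that references a class
    outside the allowlist. OrderedDict is a harmless stand-in for 'some class the
    application never meant to load'."""
    data = pickle.dumps(OrderedDict(a=1))
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def to_json(session):
    """Data-only alternative: serialize the fields, never type information."""
    return json.dumps({"user": session.user, "roles": session.roles})


def from_json(text):
    """Rebuild the object from validated fields; the format cannot name a class."""
    fields = json.loads(text)
    if not isinstance(fields.get("user"), str) or not isinstance(fields.get("roles"), list):
        raise ValueError("malformed session document")
    return Session(fields["user"], fields["roles"])


if __name__ == "__main__":
    s = sample_session()
    print("pickle round trip preserves state:", pickle_round_trip(s) == s)
    print("allowlist round trip preserves state:", allowlist_round_trip(s) == s)
    print("unknown class rejected:", rejects_unknown_class())
    print("json round trip preserves state:", from_json(to_json(s)) == s)
```

The allowlist override of `find_class` is the documented hook for restricting what an `Unpickler` may load; the JSON pair shows the stronger option of using a format that carries data only, so the deserializer never decides which type to construct.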