SecurityWeek

Ransomware

Akira Ransomware Drops 30 Victims on Leak Site in One Day

Cyberint has observed the Akira ransomware group leaking in a single day the information allegedly stolen from 32 victims.

In a single day last week, the Akira ransomware group leaked information allegedly stolen from 32 victims, cyber risk firm Cyberint reports.

Active since March 2023 and operating under the ransomware-as-a-service (RaaS) business model, Akira has become one of the most prevalent ransomware enterprises, impacting over 350 organizations to date.

In April 2024, US government agencies estimated that Akira had claimed over 250 victims, including critical infrastructure organizations in North America, Europe, and Australia, and had taken in roughly $42 million in proceeds.

Akira’s Tor-based site, Cyberint explains, is organized into five sections, with new victims typically added to a ‘News’ section, and those that refused to pay moved to the ‘Leaks’ section.

Cyberint, which was acquired by Check Point this fall, observed Akira adding 32 new victims to the ‘Leaks’ section between November 13 and November 14. A majority of these victims had their stolen information made public without first being named in the ‘News’ section.

“In the ‘Leaks’ section we’ve seen 3 victims that already had been published on the ‘News’ section, and 29 new ones. In the ‘News’ section, we’ve seen 3 new victims,” Cyberint notes in a report shared with SecurityWeek.

Most of the newly added victims are organizations in the US, while the remaining ones are from Canada, the Czech Republic, Denmark, Germany, Nigeria, Sweden, the United Kingdom, and Uruguay.

Based on victimology, Akira mainly focuses on the business services sector, while also targeting organizations in construction, critical infrastructure, education, manufacturing, retail, and technology.

“These findings align with trends observed over the past two years, where the United States remains Akira’s primary target, and business services continues to lead as the most targeted sector globally,” Cyberint notes.

While there is no apparent reason for the cybercriminals to drop so many new victims in such a short period of time, Akira is not the first ransomware group to do so. In May, LockBit published roughly 60 victims within two days, likely to escalate its operation following law enforcement disruption in February.

“Akira remains a dominant player in the ransomware landscape, targeting hundreds of victims worldwide. Its activity is expected to grow further, especially after achieving a record-breaking month in the number of victims and surpassing the total attacks for 2023 in just a few months. This highlights their aggressive and expanding operations in the cybercrime ecosystem,” Cyberint notes.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
