In a single day last week, the Akira ransomware group leaked information allegedly stolen from 32 victims, cyber risk firm Cyberint reports.
Active since March 2023 and operating under the ransomware-as-a-service (RaaS) business model, Akira has become one of the most prevalent ransomware enterprises, impacting over 350 organizations to date.
In April 2024, US government agencies estimated that Akira had made over 250 victims, including critical infrastructure organizations in North America, Europe, and Australia, claiming roughly $42 million in proceeds.
Akira’s Tor-based site, Cyberint explains, is organized into five sections, with new victims typically added to a ‘News’ section, and those that refused to pay moved to the ‘Leaks’ section.
Cyberint, which was acquired by Check Point this fall, observed Akira adding 32 new victims to the ‘Leaks’ section between November 13 and November 14. A majority of these victims had their stolen information made public without first being named in the ‘News’ section.
“In the ‘Leaks’ section we’ve seen 3 victims that already had been published on the ‘News’ section, and 29 new ones. In the ‘News’ section, we’ve seen 3 new victims,” Cyberint notes in a report shared with SecurityWeek.
Most of the newly added victims are organizations in the US, while the remaining ones are from Canada, the Czech Republic, Denmark, Germany, Nigeria, Sweden, the United Kingdom, and Uruguay.
Based on victimology, Akira mainly focuses on the business services sector, while also targeting organizations in construction, critical infrastructure, education, manufacturing, retail, and technology.
“These findings align with trends observed over the past two years, where the United States remains Akira’s primary target, and business services continues to lead as the most targeted sector globally,” Cyberint notes.
While there is no apparent reason for the cybercriminals to drop so many new victims in such a short period of time, Akira is not the first ransomware group to do so. In May, LockBit published roughly 60 victims within two days, likely to escalate its operation following law enforcement disruption in February.
“Akira remains a dominant player in the ransomware landscape, targeting hundreds of victims worldwide. Its activity is expected to grow further, especially after achieving a record-breaking month in the number of victims and surpassing the total attacks for 2023 in just a few months. This highlights their aggressive and expanding operations in the cybercrime ecosystem,” Cyberint notes.
Related: Texas Oilfield Supplier Newpark Hit by Ransomware
Related: Recent Veeam Vulnerability Exploited in Ransomware Attacks
Related: Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks