Akira


Active Since: March 2023
Total victims as of January 2024: 182
Known Forum Aliases: N/A
Active Forum Accounts: N/A
Top Targeted Geographies: US, UK, Canada

Launched in March 2023, Akira has quickly become one of the most active ransomware groups.

The gang quickly amassed noteworthy victims, including Stanford University, Nissan Australia, and the US consulting firm Frost & Sullivan. In April 2024, the FBI, CISA, Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL) issued a joint advisory warning that the group has more than 250 victims, from which it has secured roughly $42 million in ransom payments. Some researchers have ranked Akira as the most prolific ransomware group in operation, following the disruption to LockBit.

Akira appears to be a novel ransomware, written in C++, with versions targeting both Windows and Linux systems. It has at least one known variant, dubbed Megazord. It has been observed leveraging known vulnerabilities in VPN appliances to gain initial access to its targets, which typically operate in the commercial & professional services, capital goods, education, and software & services industries. It is also noteworthy for the aggressive tone of its dark web leak site posts.

The group is suspected to have ties to Conti, one of the largest ransomware operations, which disbanded in 2022.
