Akira Ransomware Racks Up 30+ Victims in a Single Day

Akira ransomware group has updated its data-leak website on Nov. 13-14, listing more than 30 of its latest victims — the highest single-day total since the gang first began its malicious operations in March of last year.

The group spares no one, targeting a variety of industries globally, and operates using a ransomware-as-a-service (RaaS) model, stealing sensitive data before encrypting it.

Twenty-five of the latest victims are from the United States, two are from Canada, and the remaining originate from Uruguay, Denmark, Germany, the UK, Sweden, the Czech Republic, and Nigeria.

The researchers at Cyberint found that the business services sector was most frequently targeted by the group, with 10 of its most recent victims belonging to that industry. Other impacted sectors include manufacturing, construction, retail, technology, education, and critical infrastructure. 

Divided into five sections, the Akira ransomware blog has both "Leaks" and "News" sections. The site indicates that three victims refused to pay the ransom, prompting the group's release of their data.

As mass ransomware targeting is out of character for Akira, it may be indicative of a rising trend for ransomware groups to "escalate their operations and exert pressure through mass disclosures," according to Cyberint.

And it likely won't stop there. "Akira remains a dominant player in the ransomware landscape, targeting hundreds of victims worldwide," stated the Cyberint researchers in a posting. "Its activity is expected to grow further, especially after achieving a record-breaking month in the number of victims and surpassing the total attacks for 2023 in just a few months."