threatintel
actor tracker
Akira
Reportseverity: High2023-03-01

Akira ransomware operation emerges, targeting Windows environments

published by MITRE ATT&CK
Actor
Akira?? · UnknownRansomware

Ransomware-as-a-service operation active since March 2023, characterized by an unusually retro 1980s-terminal-styled leak site. CISA estimated $42M+ in extracted ransoms across 250+ organizations wit…

Summary

Akira ransomware activity first observed in March 2023, initially targeting Windows systems with a C++ encryptor that appends a .akira extension. Akira operates as a double-extortion crew and is tracked by industry as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, with code overlap suggesting links to the defunct Conti operation.

Tags

ransomwaredouble-extortionconti-lineage

Primary source

attack.mitre.org

Other Akira events