ShellCodeX
Tools β€’ Events β€’ News β€’ Insights
Threat Group Profile

akira

● Active β€” last 30 days
Victim claims 110
First seen Apr 2025
Last activity 10 Jul 2026
Tracked since β€”

Group overview

The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group. It's worth noting that with the end of CONTI's operation, several affiliates migrated to independent campaigns such as Royal, BlackBasta, and others. According to some reports, Akira affiliates also work with other ransomware operations, such as Snatch and BlackByte, as an open directory of tools used by an Akira operator was identified, which also had connections to the Snatch ransomware. The first version of the Akira ransomware was written in C++ and appended files with the '.akira' extension, creating a ransom note named 'akira_readme.txt,' partially based on the Conti V2 source code. However, on June 29, 2023, a decryptor for this version was reportedly released by Avast. Subsequently, a version was released that fixed the decryption flaw on July 2, 2023. Since then, the new version is said to be written in Rust, this time called 'megazord.exe,' and it changes the extension to '.powerranges' for encrypted files. Most of Akira's initial access vectors use brute-force attempts on Cisco VPN devices (which use single-factor authentication only). Additionally, exploitation of CVEs: CVE-2019-6693 and CVE-2022-40684 for initial access has been identified.Source: https://github.com/crocodyli/ThreatActors-TTPs

Preferred targets

Business Services Β· 28 Manufacturing Β· 27 Healthcare Β· 9 Consumer Services Β· 7 Hospitality and Tourism Β· 7 Construction Β· 7

Most targeted countries

US Β· 54 GB Β· 5 DE Β· 5 FR Β· 2 JP Β· 2 IT Β· 2

Tactics & techniques (MITRE ATT&CK)

Initial Access

Valid Accounts Valid Accounts: Domain Accounts External Remote Services Exploit Public-Facing Application

Execution

Windows Management Instrumentation Command and Scripting Interpreter Command and Scripting Interpreter: PowerShell System Services: Service Execution Command and Scripting Interpreter: Windows Command Shell

Persistence

Create Account: Local Account Create Account: Domain Account

Privilege Escalation

Valid Accounts: Domain Accounts Privilege Escalation

Defense Evasion

Modify Registry Impair Defenses: Disable or Modify Tools

Credential Access

OS Credential Dumping: LSASS Memory

Discovery

Remote System Discovery System Information Discovery Discovery

Lateral Movement

Remote Services: Remote Desktop Protocol Lateral Tool Transfer

Victim Claims Timeline

Back to radar
Vandalia Rental NEW
Unknown Consumer Services
Wade's Dairy
πŸ‡¬πŸ‡§ GB Agriculture and Food Production wadesdairy.com
RISE Architecture
Unknown Business Services
Chisholm Persson & Ball
Unknown Business Services
Excalibur Rentals
Unknown Consumer Services
Stone Ridge Payments
πŸ‡ΊπŸ‡Έ US Financial Services stoneridgepayments.com
Refinery Hotel
Unknown Hospitality and Tourism
About Todd Hamaker & Johnson
Unknown Business Services
Advanced Business Systems
Unknown Business Services
Precise Forms
πŸ‡ΊπŸ‡Έ US Business Services preciseforms.com
JMS Southeast
πŸ‡ΊπŸ‡Έ US Business Services jms-se.com
Padget Technologies
πŸ‡ΊπŸ‡Έ US Technology padgettechnologies.com
Jit Ex
Unknown
Miami Machine
πŸ‡ΊπŸ‡Έ US Manufacturing
Leo International
πŸ‡ΊπŸ‡Έ US leointernational.com
IH Engineers
πŸ‡ΊπŸ‡Έ US Manufacturing ihengineers.com
Ntd Apparel
Unknown Consumer Services
Berg Lilly
Unknown
Apptricity
πŸ‡ΊπŸ‡Έ US Business Services
Smith Filter
Unknown Manufacturing
Insite Architects
Unknown Business Services
DDC Domus Design Collection
Unknown Consumer Services
Port Air Express
Unknown Transportation/Logistics portairexpress.com
The Midland Theatre
πŸ‡¬πŸ‡§ GB Hospitality and Tourism
Associated Investor Services
Unknown Financial Services
Spray Equipment & Service Center
Unknown Business Services
Rockaway River Country Club
πŸ‡³πŸ‡― NJ Hospitality and Tourism
SMPC Architects
Unknown Construction
Centre Ellipse
Unknown
HRC Sicherheitsdienste
πŸ‡©πŸ‡ͺ DE Business Services