Trout Software

akira

47 total attacks · Rank #4 · 6.2% share · 8 sectors targeted · 10 countries

TOTAL ATTACKS: 47

REPORTS APPEARED IN: 1

GLOBAL RANK: #4

ATTACK SHARE: 6.2%

GROUP PROFILE

Akira operates as a sophisticated ransomware-as-a-service (RaaS) platform with suspected lineage to the disbanded Conti operation, demonstrating consistent operational maturity through 47 attacks this period targeting technology, manufacturing, and business services. The group has adapted its tactics to exploit external remote services (T1133), particularly focusing on compromising MFA-protected SonicWall VPN accounts through credential-based attacks rather than traditional phishing campaigns. Its technical approach emphasizes credential dumping (T1003) combined with RDP lateral movement (T1021.001) to establish persistent network access before deploying double extortion tactics. Recent discussions highlight a capability for offline encryption, suggesting the group has developed techniques to encrypt systems even when they are disconnected from command and control infrastructure, which makes its attacks particularly difficult to detect and interrupt in progress.

COMMUNITY INTELLIGENCE — REDDIT

14 upvotes

AKIRA offline encryption?

We were hit by the **Akira** ransomware, but we were able to disconnect the servers from the internet in time. **Does Akira use an offline/local encryption fallback**, meaning encryption could still o...

r/cybersecurity · 10 comments · 1mo ago

142 upvotes

Aero Precision was listed by the Akira ransomware group today

The Akira ransomware group has been around a while. This afternoon, they have just listed Aero Precision firearms. The last large firearms mfg to be popped by ransomware was CMMG by the ALPHV ransomw...

r/Firearms · 31 comments · 3mo ago

3 upvotes

Emerging cyberthreats: Akira ransomware, Python-based attacks, and Microsoft 365 exploits

In recent weeks, our security analysts have identified a surge in Akira ransomware campaigns targeting unpatched SonicWall VPN devices. These threat actors are leveraging a legacy vulnerability and st...

r/BarracudaNetworks · 0 comments · 4mo ago

38 upvotes

Akira ransomware breaching MFA-protected SonicWall VPN accounts

https://www.bleepingcomputer.com/news/security/akira-ransomware-breaching-mfa-protected-sonicwall-vpn-accounts/...

r/sonicwall · 44 comments · 5mo ago

1.2k upvotes

Pour one out for us

I'm the IT director but today I was with my sysadmin (we're a small company). Crypto walled, 10 servers. Spent the day restoring from backups from last night. We have 2 different backup servers. One g...

r/sysadmin · 279 comments · 7mo ago

224 upvotes

Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours — new counterattack breaks encryption

r/technology · 17 comments · 11mo ago