Adi Bleih reports:
The Akira ransomware group has been active since March 2023, targeting diverse industries across North America, the UK, and Australia. Operating as a Ransomware-as-a-Service (RaaS) model, Akira employs a double-extortion strategy by stealing sensitive data before encrypting it. According to their leak site, the group claims to have compromised over 350 organizations.
From November 13 to 14, the Akira ransomware group posted over 30 new victims on their data leak site, marking their highest single-day total since they began operations in March 2023. This milestone represents a record-breaking escalation in their activities and the volume of leaks shared in one day.
Of the 35 total posts, 25 originate from the United States. Canada accounts for two, while the remaining posts come from Uruguay, Denmark, Germany, the United Kingdom, Sweden, the Czech Republic, and Nigeria.
Read more at Cyberint.
Update:
Bleih’s article also stated:
In the ‘Leaks’ section we’ve seen 3 victims that already been published on the ‘News’ section, and 29 new ones. In the ‘News’ section, we’ve seen 3 new victims. Which basically means that 32 new victims were published in the group’s DLS, and three more refused to pay the ransom and were added to the ‘Leaks’ section.
But Valéry Rieß-Marchive has a somewhat different analysis published on LeMagIT. His report highlights that there are not more than 30 new victims. They may be only newly listed. Read LeMagIT’s report as to how some of these newly listed attacks actually occurred months earlier.