• Home
  • News
  • Akira Targets the US and Germany

Akira Targets the US and Germany

Miklos Zoltan

By Miklos Zoltan . 13 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Akira breaches 2 more victims, the Blackburn College in the UK and the Vincentz Network in Germany. The latter is part of a multinational conglomerate dealing with geriatric care, paint industry, automotive services, furniture and woodworking, etc.

  • These were ransomware attacks that managed to secure 30GB and 70GB respectively of confidential data
  • The 2 victims didn’t release any public statements regarding the attacks
  • Akira published the news about the operations on their Tor network and the Telegram channel
  • The announcement stated that they will be releasing the data collected during the attack for free, which suggests that the victims chose not to pay the ransom

Akira is among the most active and aggressive ransomware operators. The organization is relatively young, as it first emerged publicly in March of 2023. While its main targets are on US and Canadian soil, the group often hits across the ocean as well.

Despite being a newcomer in the ransomware sphere, Akira quickly rose to become one of the most feared actors in the world. This is partly due to its connections with the now defunct Conti, with some suggesting an immigration of technology and manpower from Conti.

Tweet showing the Akira attack on the two companies
https://twitter.com/FalconFeedsio/status/1745701835804217487

Despite these rumors, nothing has been verified yet. Akira continues to remain impenetrable to scrutiny and operate with as much impunity as ever.

Who Is Akira?

The group shares name similarities with another Akira group that was primarily active in 2017. That ransomware family didn’t last very long, but was fairly active across its lifespan and shared the same .akira file extension as this novel version.

However, it seems like this is the only connection between the 2 organizations. This new group appears to be a Conti successor, as evidence pinpoints at former Conti operators now working for Akira.

Akira’s MO also points in that direction, as the group shares the same file encryption pattern and avoids the same file extensions that Conti did. The group’s motivations also seem to be purely financial, with ransoms ranging between $200,000 and $4 million.

Akira appears to target small and medium-sized victims, which make for more than 80% of the victims. Interestingly, one month after its conception, in June of 2023, Akira was responsible for over 500 hacking attempts.

The numbers went down significantly, as low as 80 attempts per month in the following months. According to the reports, France seems to be the most affected, registering 360 attacks in 2023.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment