Blackpoint
Akira Ransomware Threat Profile Analysis
Pages
30
Time to read
21 mins
Publication
Language
English
This technical report provides a comprehensive analysis of the Akira ransomware, first identified in March 2023. Akira operates under a Ransomware-as-a-Service (RaaS) model and uses double extortion: sensitive data is exfiltrated, and the group threatens to leak it if the ransom is not paid. The report outlines the Akira group's operational tactics, including its targeting of industrial sectors, particularly in North America, and its use of various vulnerabilities in Cisco and Fortinet products. It details the ransom demands, which range from $200,000 to $4 million, and mentions the emergence of multiple variants, including Megazord, IQOJ, and ZHQ. The report also highlights the group's associations with other ransomware operations and the tools it uses in its attacks. Additionally, it discusses the development of a decryptor for the Linux variant of Akira ransomware, showing how this threat continues to evolve.