Blackpoint
Akira Ransomware Threat Profile Analysis
Pages: 28
Time to read: 18 mins
Publication
Language: English
This document is a threat profile analysis of Akira ransomware, first identified in March 2023. Akira uses a double extortion method, in which data is stolen and the operators threaten to leak it if the ransom is not paid. The profile outlines the ransomware's operational style, which is classified as Ransomware-as-a-Service (RaaS), and details its extortion methods, including typical ransom demands ranging from 200,000 to 4 million USD. It lists the most frequently targeted industries, with a focus on industrials, and highlights the geographical regions of previous victims, primarily in North America. It also discusses the known exploited vulnerabilities that Akira uses, including specific CVEs associated with Cisco and Fortinet products. The profile mentions the ransomware's associations with other threat groups and variants, such as Megazord and IQOJ, and describes the tactics the operators use to gain initial access to victim systems. Finally, it notes the aesthetic influence of a 1988 anime film on the ransomware's branding.