Blackpoint
Akira Ransomware Threat Profile Overview
Pages
32
Time to read
24 mins
Publication
Language
English
This document is a threat profile focused on the Akira ransomware, which was first identified in March 2023. It operates using a double extortion method, where it encrypts victims' data and threatens to leak sensitive information if ransom demands are not met. The profile outlines the operational style, including its association with previous ransomware groups such as Conti, and details the ransom amounts that have been demanded, ranging from 200,000 to 4 million USD. The document also describes the initial access methods employed by Akira operators, including exploiting vulnerabilities in Cisco VPN products and unauthorized logons. Additionally, it discusses the various variants of Akira ransomware that have emerged, including Megazord, IQOJ, and ZHQ, and highlights the technical aspects of its encryption methods. The profile includes information on known exploited vulnerabilities and the group’s ongoing activities targeting specific industries and regions, particularly in North America.