The Akira ransomware group made a significant update to their data-leak website on November 13-14, revealing more than 30 new victims in a single day. This marks the highest number of victims listed by the gang since they began their malicious operations back in March of the previous year.
The group has been indiscriminate in their targeting, aiming at a variety of industries on a global scale. Operating under a ransomware-as-a-service (RaaS) model, the Akira group first steals sensitive data from their victims before encrypting it and demanding ransom payments.
Out of the latest batch of victims, twenty-five were located in the United States, two in Canada, and the rest scattered across Uruguay, Denmark, Germany, the UK, Sweden, the Czech Republic, and Nigeria.
According to researchers at Cyberint, the business services sector has been the primary focus of the Akira group, with ten recent victims coming from that industry. Other sectors affected include manufacturing, construction, retail, technology, education, and critical infrastructure.
The Akira ransomware blog is divided into different sections, with “Leaks” and “News” being prominent categories. Interestingly, the blog revealed that three victims opted not to pay the ransom, leading to the release of their data by the ransomware group.
This mass disclosure of victim data is unusual for Akira, signaling a potential shift in strategy for ransomware groups looking to put pressure on their targets. Cyberint suggests that this could be a growing trend among ransomware groups to escalate their operations and demand payment through such mass disclosures.
Looking ahead, Akira’s dominance in the ransomware landscape is expected to continue, with the group targeting hundreds of victims worldwide. The Cyberint researchers highlighted this trend, indicating that Akira’s activity is likely to increase further following a record-breaking month in terms of the number of victims impacted. Additionally, the group has already surpassed the total number of attacks carried out in 2023 within just a few months.
In conclusion, the Akira ransomware group’s latest data-leak website update sheds light on their increasing scale of operations and serves as a warning to organizations worldwide to bolster their cybersecurity defenses against such evolving threats.