Ransomware Group

Akira

Status: active • First seen 2023-03250+ known victims

Akira is run by former Conti gang members. They break in through VPN weaknesses at schools and companies, and have a unique 1980s-style website.

Overview

Akira has connections to the former Conti group and exploits VPN vulnerabilities, particularly in Cisco products. The group maintains a retro 1980s-themed website.

Target Industries

Education, Finance, Manufacturing, Healthcare

How They Attack

  • VPN exploitation
  • Cisco vulnerability abuse
  • Double extortion
  • Conti connections

Notable Victims

Stanford University (2023), Financial institutions

Is your business exposed?

How to Protect Against Akira

  1. 1.

    Patch VPN appliances urgently

  2. 2.

    Monitor for Cisco CVE exploits

  3. 3.

    Enable MFA on all VPN access

MITRE ATT&CK Techniques

T1133, T1190, T1486, T1567

Related Groups

Conti

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices