Akira Ransomware


Akira is a ransomware group which was first observed in March 2023. Akira ransomware actors typically gain access to victims’ devices by using compromised credentials. Its operators use multi-extortion tactics, steal victims’ critical data and encrypts devices and files before demanding outrageous ransom payments. Victims who fail to comply with their demands will be listed on their TOR-based website along with the stolen data.

Akira commonly infiltrates targeted Windows and Linux systems through VPN services, especially where users haven't enabled multi-factor authentication.



Once a system is infected with Akira, the malware will attempt to delete backup folders that could be used to restore lost data. Files are encrypted and the .akira extension is added. A ransom is demanded in exchange for file decryption or data deletion.



  • Cisco Adaptive Security Appliance (ASA) software
  • Cisco Firepower Threat Defense (FTD) software



  • Microsoft Windows
  • Linux



  • Use anti-malware software or other security tools capable of detecting and blocking known ransomware variants.
  • Monitor network traffic and look for indicators of compromise such as unusual network traffic patterns or communication with known command-and-control servers. 
  • Conduct regular security audits and assessments to identify network and system vulnerabilities and ensure that all security controls are in place and functioning properly. 
  • Educate employees on the risks of ransomware and train them on cybersecurity best practices, including identifying and reporting suspicious emails or other threats.
  • Implement a robust backup and recovery plan to ensure that your organization has a copy of its data and can restore it in case of an attack. Store them in a secure, offsite location. 
  • Implement strong passwords and enable Multi-Factor Authentication (MFA) for all user accounts.
  • Update and patch systems to fix known vulnerabilities and to prevent them from being exploited.