November 18, 2024 at 03:04PM
Akira ransomware group has listed over 30 victims on its data-leak site, marking a record high. Predominantly targeting the U.S., the group focuses on various sectors, particularly business services. The uptick in activity suggests an escalation trend among ransomware groups. Akira’s operations are expected to grow further in 2023.
### Meeting Notes Takeaways
1. **Recent Activity of Akira Ransomware Group**:
– Akira has updated its data-leak website on November 13-14, listing over 30 new victims, marking the highest single-day total since its operations began in March 2022.
2. **Victim Distribution**:
– Most victims are from the United States (25), followed by Canada (2). Other countries affected include Uruguay, Denmark, Germany, the UK, Sweden, the Czech Republic, and Nigeria.
3. **Targeted Industries**:
– The business services sector has been the most affected, with 10 of the latest victims in this category. Other impacted areas include manufacturing, construction, retail, technology, education, and critical infrastructure.
4. **Ransomware-as-a-Service (RaaS) Model**:
– Akira operates using a RaaS model, which involves stealing sensitive data before encryption.
5. **Response from Victims**:
– Three victims chose not to pay the ransom, resulting in the public release of their data.
6. **Emerging Trends**:
– The mass targeting of victims is unusual for Akira and may signal a trend among ransomware groups to escalate operations and leverage mass disclosures as a strategy.
7. **Future Outlook**:
– Cyberint researchers anticipate that Akira will continue its dominance in the ransomware space, indicating a potential increase in activity given its record-breaking month and significant rise in the number of victims for 2023.