Dragons Eye
Dragons EyeRansomware Tracker
DashboardVictimsGroupsRansom NotesDecryptorsNegotiationIOCStatistics
Dragons Community
Information & Disclaimer
← Back to Groups
akira logo

akira

🟢 Active✓ Parser

Status

Active

Total Victims

1,356

Active Sites

5 / 5

Has Parser

Yes

Top Target Countries

🇺🇸 US🌍 Unknown🇨🇦 CA🇩🇪 DE🇬🇧 GB

Top Target Industries

ManufacturingBusiness ServicesTechnologyConstructionUnknown
Country Distribution
🇺🇸 US777
🌍 Unknown124
🇨🇦 CA70
🇩🇪 DE57
🇬🇧 GB33
🇮🇹 IT31
🇦🇺 AU21
🇪🇸 ES20
Site Locations (5)
Description

The Akira ransomware group is said to have emerged in March 2023, and there's much speculation about its ties to the former CONTI ransomware group. It's worth noting that with the end of CONTI's operation, several affiliates migrated to independent campaigns such as Royal, BlackBasta, and others. According to some reports, Akira affiliates also work with other ransomware operations, such as Snatch and BlackByte, as an open directory of tools used by an Akira operator was identified, which also had connections to the Snatch ransomware. The first version of the Akira ransomware was written in C++ and appended files with the '.akira' extension, creating a ransom note named 'akira_readme.txt,' partially based on the Conti V2 source code. However, on June 29, 2023, a decryptor for this version was reportedly released by Avast. Subsequently, a version was released that fixed the decryption flaw on July 2, 2023. Since then, the new version is said to be written in Rust, this time called 'megazord.exe,' and it changes the extension to '.powerranges' for encrypted files. Most of Akira's initial access vectors use brute-force attempts on Cisco VPN devices (which use single-factor authentication only). Additionally, exploitation of CVEs: CVE-2019-6693 and CVE-2022-40684 for initial access has been identified.Source: https://github.com/crocodyli/ThreatActors-TTPs

Ransom Notes (2)
akira_readme.txt.akiraAkira Ransomware Note
Hi friends,

Whatever who you are and what your title is, if you're reading this it means the internal infrastructure of your company is fully or partially dead.

All your backups - virtual, physical - everything that we managed to reach - are completely removed.

Moreover, we have taken a large amount of your corporate data prior to encryption.

Contact us: [TOR LINK]

akira
Decryptor Available

Akira Decryptor

Provider: Avast

View All Decryptors
Recent Victims (1,356 total)
View All
VictimCountryIndustryDate
Woodland Trade
UnknownN/A2 days ago
Charles River Insurance
UnknownN/A2 days ago
Westamerica Communications
UnknownN/A2 days ago
American Vintage Home, Briggs Plumbing Products, Genco Manufacturing, American Vintage Hom...
UnknownN/A2 days ago
Serap
UnknownN/A3 days ago
Starr Insurance
akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
DLS
activeLast scrape: 12 Jan 2026, 06:53
akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
DLS
activeLast scrape: 12 Jan 2026, 06:54
akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
DLS
activeLast scrape: 12 Jan 2026, 06:55
akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
DLS
activeLast scrape: 12 Jan 2026, 06:56
akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
DLS
activeLast scrape: 12 Jan 2026, 06:58
akira_readme_2.txtAkira - akira readme 2
Hi friends,

Whatever who you are and what your title is, if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption.



ATTENTION! Strictly prohibited:

- Deleting files with .arika extension;

- Replacing or renaming .arika and .akira files;

- Using third party software to recover your systems.

If you violate these rules, we cannot guarantee a successful recovery.



Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know:



1. Dealing with us you will save A LOT due to we are not interested in ruining you financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of the deal.

2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidentally corrupt them - in this case we won't be able to help.

3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and use in order to get into, identify backup solutions and download your data.

4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at once. Then all of this will be published in our blog - akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad[.]onion.

5. We're more than negotiable and will definitely find a way to settle this quickly and reach an agreement which will satisfy both of us.



If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions:



1. Install TOR Browser to get access to our chat room - torproject[.]org/download/.

2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/[snip] .

3. Use this code - [snip] - to log into our chat.



Keep in mind that the faster you will get in touch, the less damage we cause.
View All Ransom Notes
Unknown
N/A
4 days ago
Builtrite
UnknownN/A4 days ago
Swagelok
UnknownN/A4 days ago
Alliance Roofing
UnknownN/A4 days ago
Tange , Mann & Garza
UnknownN/A4 days ago
Dean Supply
UnknownN/A5 days ago
Excel Healthcare Receivable Management &Consulting
UnknownN/A5 days ago
Cox Design & Metal Fabrication
UnknownN/A5 days ago
MerchNOW
UnknownN/A5 days ago
Office Peeps, Nappie's Food Service, Janome America, IT-Supporten, A-1 Pools.
UnknownN/A6 days ago
Motleys Asset Disposition Group
UnknownN/A6 days ago
GeoMechanics Technologies
UnknownN/AMar 27, 2026
Quality Carton and Converting
UnknownN/AMar 27, 2026
Sheladia Associates
UnknownN/AMar 27, 2026
Axiomatic Technologies Corporation
UnknownN/AMar 27, 2026