akira
Known ransomware group ACTIVE Currently active
Akira is a prolific ransomware operation active since March 2023, known for its retro green-on-black leak site and for encrypting both Windows and Linux/ESXi environments. It frequently gains initial access through compromised VPN credentials and unpatched edge devices, and shares code lineage with the defunct Conti group.
7
Total Claims
7
Critical
—
Records Claimed
4
Industries Hit
Active span: Apr 22, 2026 – Jun 3, 2026 · 7 organizations targeted
Currently active
Actor Threat Profile
Activity Timeline
Peak: May 2026 (5)Apr 2026
LessMore
Jun 2026Share this profile
Top Targeted Industries
Healthcare 4
Financial Services 1
Energy 1
Business Services 1
Tradecraft & Infrastructure
42
Documented tools
12 / 27
MITRE tactics / techniques
2
Known leak sites
CredentialTheftDefenseEvasionDiscoveryEnumExfiltrationLOLBASNetworkingOffsecRMM-Tools
Full intelligence profile on ransomware.live →
Targeted Organizations
Claims by akira
Critical
Ransomware Claim: Hal Otey Financial
Hal Otey Financial
akira
Ransomware Financial Services
Jun 5, 2026 Critical
Ransomware Claim: Allele Diagnostics
Allele Diagnostics
akira
Ransomware Healthcare
May 14, 2026 Critical
90 GB leaked Ransomware Claim: Greenwoods Dental Centre
Greenwoods Dental Centre
akira
Ransomware Healthcare
May 9, 2026 Critical
48 GB leaked Ransomware Claim: Réseau Radiologique Romand
Réseau Radiologique Romand
akira
Ransomware Healthcare
May 9, 2026 Critical
41 GB leaked Ransomware Claim: Clinical Registry Solutions
Clinical Registry Solutions
akira
Ransomware Healthcare
May 8, 2026 Critical
10 GB leaked Ransomware Claim: SDK Environmental
SDK Environmental
akira
Ransomware Energy
May 8, 2026 Critical
12 GB leaked Ransomware Claim: Kubiak Melton & Associates
Kubiak Melton & Associates
akira
Ransomware Business Services
Apr 23, 2026