Akira Ransomware in 2025: Tactics, Targets, and Trends

Since the beginning of 2025, the Akira ransomware group has continued to demonstrate both persistence and adaptability in its operations. Our team’s analysis shows a total of 471 confirmed victim disclosures across January to September 2025. This high number underscores Akira’s ability to maintain operational tempo, leverage diverse affiliates, and exploit systemic weaknesses across multiple industries and geographies.

Akira has positioned itself as a major threat actor by:

• Scaling attacks through a Ransomware-as-a-Service (RaaS) model, enabling affiliates with varying levels of sophistication to conduct intrusions.
• Blending opportunistic targeting (small and mid-sized firms with weak external defenses) with strategic selections (manufacturing, technology, and business service providers that amplify impact).
• Maintaining a dual-extortion strategy, where data theft precedes encryption, ensuring pressure on victims regardless of backup resilience.