Akira Ransomware in 2025: Tactics, Targets, and Trends

Akira Ransomware in 2025: Tactics, Targets, and Trends

This report is about ‘Akira Ransomware in 2025: Tactics, Targets, and Trends’.

Download Report

Since the beginning of 2025, the Akira ransomware group has continued to demonstrate both persistence and adaptability in its operations. Our team’s analysis shows a total of 471 confirmed victim disclosures across January to September 2025. This high number underscores Akira’s ability to maintain operational tempo, leverage diverse affiliates, and exploit systemic weaknesses across multiple industries and geographies.

Akira has positioned itself as a major threat actor by:

  • Scaling attacks through a Ransomware-as-a-Service (RaaS) model, enabling affiliates with varying levels of sophistication to conduct intrusions.
  • Blending opportunistic targeting (small and mid-sized firms with weak external defenses) with strategic selections (manufacturing, technology, and business service providers that amplify impact).
  • Maintaining a dual-extortion strategy, where data theft precedes encryption, ensuring pressure on victims regardless of backup resilience.

Akira Ransomware

Relevant Reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields: