Akira Ransomware Attack

What is the Akira Ransomware Attack?

The Akira ransomware attack has been actively and widely impacting businesses. According to a CISA advisory, the ransomware group has impacted over 250 organizations and claimed approximately $42 million (USD) in ransomware proceeds. The group gains initial access via either less-secured VPNs or Cisco vulnerabilities. Once the network is compromised, the threat actor is able to target a system and encrypt files with the .akira extension.

What is the recommended Mitigation?

Review attack surfaces and ensure that all systems are kept up-to-date with the latest patches. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization.

What FortiGuard Coverage is available?

FortiGuard Labs has existing AV signatures (e.g. W64/Akira.C!tr.ransom) to block all the known malware variants used by the ransomware group and has blocked related IoCs via the Web filtering service.

Outbreak Alert

FortiGuard Labs continues to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA, the group has targeted over 250 organizations over the past year, affecting numerous businesses and critical infrastructure entities across North America, Europe, and Australia. The gang has made over $42 million in ransom payments from the attacks.

View the full Outbreak Alert Report

Additional Resources

CISA Advisory: Akira Ransomware