#StopRansomware: Akira Ransomware

TLP:CLEAR

Summary

This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit StopRansomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Note: Originally published April 18, 2024, this advisory was updated Nov. 13, 2025, with information on new Akira ransomware activity that presents an imminent threat to critical infrastructure. Updated information is labeled with “Update Nov. 13, 2025” at the beginning and “End Update” at the end of sections that include substantive new information, such as new Akira threat actor activity, TTPs, and IOCs.

Please click here to read more detail

TLP:CLEAR