Resource: Arctic Wolf Labs
Key Takeaways
Since March 2023, Akira ransomware has compromised at least 63 victims with approximately 80% of them being small to medium-sized businesses (SMBs).
We assess Akira is likely an opportunistic ransomware group due to their victimology and negotiation tactics.
Through blockchain analysis, we assess with a high degree of confidence that some Conti-affiliated threat actors are linked to the Akira ransomware group.
Background
Since the fallout of Conti ransomware in mid-2022, Conti-affiliated threat actors have splintered off and developed or joined other ransomware groups to continue extorting victim organizations. Due to Conti’s source code being leaked, attribution back to the Conti ransomware group via code overlap is much more difficult. However, leveraging blockchain analysis, we can begin to discern what ransomware groups Conti-affiliated threat actors have worked with; one such group is Akira.
Read the full article HERE