Federal cybersecurity authorities and law enforcement agencies in the U.S. have released a new warning to small and medium businesses about the increasingly aggressive fraud tactics of the Akira ransomware group. Who are they? Akira Ransomware is a cybercriminal group that has collected more than $244 million in ransom payments over the past year.
The updated advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the Department of Defense Cyber Crime Center, the Department of Health and Human Services, and several international partners. Their goal is to help organizations recognize Akira-linked activity earlier and strengthen their defenses before attacks escalate.
New Technical Guidance Aims to Help Detect Akira Attacks
The joint alert includes newly updated indicators of compromise (IOCs) and detailed descriptions of the group’s latest tactics, techniques, and procedures (TTPs). Officials say these insights are designed to help IT teams identify suspicious activity linked to Akira and stop breaches before data is stolen or encrypted.
Akira first emerged in 2023 and initially targeted smaller companies. But investigators say the group has widened its reach, hitting large organizations across manufacturing, education, information technology, healthcare, finance, food production, and agriculture.
Cybercrime Links and Possible Connection to the Conti Group
Federal analysts also reported that Akira appears to share operational ties with several other high-profile cybercrime networks, including Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara. Experts believe the group may also have roots in, or past collaboration with, the Conti ransomware syndicate, which collapsed in 2022.
During a press briefing, Brett Leatherman, Assistant Director of the FBI’s Cyber Division, confirmed that new IOCs associated with Akira were detected as recently as this month. While not all recent indicators have been conclusively matched to the group, Leatherman said Akira’s escalating operations remain one of the FBI’s highest investigative priorities.
“They are actively probing the vulnerabilities identified in this advisory and are working quickly to monetize them,” he said.
Authorities Urge Businesses to Strengthen Defenses Immediately
CISA and the FBI highlighted several critical steps that organizations should take now to reduce their risk of becoming victims:
- Maintain frequent, offline data backups
- Enable multifactor authentication across all critical systems
- Patch and remediate known exploited vulnerabilities as soon as updates are available
- Monitor networks for unusual activity linked to Akira-specific IOCs
Officials say these measures are essential in limiting exposure to Akira’s evolving attack strategies.
Nick Andersen, Executive Assistant Director for CISA’s Cybersecurity Division, stressed the need for immediate action.
“The ransomware threat from groups like Akira is real, and organizations must take it seriously,” Andersen said. “Swift adoption of mitigation measures is the best way to reduce the risk of a successful attack.”
Ransomware Still One of the Most Serious Cyber Threats in 2025
The agencies’ joint alert reinforces what cybersecurity experts have been warning about for months: ransomware groups continue to expand their capabilities and target both small businesses and major institutions. Federal officials say the goal of these new advisories is to help organizations stay ahead of threat actors and protect data before attackers can exploit system weaknesses.
As Akira’s operations grow, its rising ransom totals, global victim list, and increasingly sophisticated tools highlight the urgent need for