Federal cybersecurity and law enforcement agencies issued a fresh warning on Thursday regarding the evolving tactics of the Akira ransomware group, which has claimed over $244 million in ransom payments in the past year.
The updated guidance is issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the Department of Defense Cyber Crime Center, the Department of Health and Human Services, and international partners.
These agencies provided updated indicators of compromise (IOCs) and details on tactics, techniques, and procedures (TTPs) to help organizations detect and defend against Akira ransomware activity.
First identified in 2023, Akira primarily targets small and medium-sized businesses, but has also impacted larger organizations across various sectors.
The affected industries include manufacturing, education, IT, healthcare, finance, food, and agriculture.
Agencies note that Akira has connections to other cybercrime groups, including Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara. It may also be linked to the Conti ransomware group, which officially ceased operations in 2022, per MeriTalk.
During a media briefing, FBI Cyber Division Assistant Director Brett Leatherman said that IOCs tied to Akira were observed as recently as this month.
However, those indicators have not yet been directly confirmed as Akira activity. Leatherman noted that the group has claimed more than $244 million in ransom payments over the last year and remains a top priority for federal tracking.
“We know that they are actively looking at the vulnerabilities disclosed in [the guidance] in order to monetize their activity,” he explained.
CISA and the FBI stressed that organizations should take proactive measures to protect themselves from ransomware attacks. Recommended practices include regularly backing up data, implementing multifactor authentication, and prioritizing remediation of known exploited vulnerabilities.
These steps are essential to reduce exposure to Akira’s evolving techniques, which continue to pose a serious threat to organizations of all sizes.
Nick Andersen, Executive Assistant Director for CISA’s Cybersecurity Division, emphasized the urgency of following the new guidance.
“The threat of ransomware from groups like Akira is real and organizations need to take it seriously, with swift implementation of mitigation measures,” Andersen said. He urged organizations, regardless of size, to adopt the recommendations promptly to reduce their risk of attack.
The agencies’ joint warning underscores the ongoing sophistication and reach of ransomware groups like Akira, which continue to exploit vulnerabilities in both small businesses and large institutions.
By issuing updated guidance and public warnings, federal authorities aim to help organizations stay ahead of these threats, mitigate potential financial losses, and protect sensitive data from compromise.
The alert highlights that ransomware remains one of the most significant cybersecurity threats in 2025.
Akira’s rapid growth, substantial ransom claims, and expanding list of targets demonstrate the urgent need for organizations to implement rigorous defenses and maintain vigilance against these increasingly sophisticated attacks.
