Akira
We've curated 20 cybersecurity statistics about Akira to help you understand how this emerging ransomware variant is impacting organizations in 2025, including its tactics, targets, and the evolving defenses against it.
Related Topics
Showing 1-20 of 20 results
In Q3 2025, Akira, Qilin, and INC Ransomware accounted for 65% of all ransomware cases investigated by Beazley Security.
In Q3 2025, the Akira ransomware group claimed 167 posts on their public leak site.
In Q3 2025, the Akira ransomware group accounted for approximately 39% of Beazley Security incident response cases.
Akira was responsible for 139 undisclosed ransomware attacks in Q3 2025, representing 9% of all undisclosed ransomware attacks.
Akira's victim count in Q3 is 212% higher than the same period in 2024.
Akira had 133 victims (organizations and individuals) in Q2 2025.
During Q3 2025, Akira claimed one healthcare industry organization as a victim on their DLS.
Akira experienced a single day spike of 20 claimed victims (organizations and individuals) on August 11th 2025.
Akira is among the top 3 ransomware outfits that impact organizations within the Technology vertical.
Akira had 150 victims (organizations and individuals) in Q3 2025.
Akira demonstrated a rise in activity with 13% more victims (organizations and individuals) in Q3 compared to Q2.
Akira was the second most active threat group in June 2025, with 31 attacks, rising from fourth place in May.
Akira listed approximately 130 organizations to its data-leak site each quarter in 2025.
Akira showed a 348% rise in the number of organizations named in Q2 2025 compared to the same period last year.
Akira has already listed 15% more victims in the first half of 2025 than it did throughout the entirety of 2024.
Akira ransomware was the most prolific variant for Coalition policyholders, accounting for 13% of ransomware claims in 2024.
Akira and RansomHub shared second place of most active threat group in March, with 62 attacks each.
Akira was the third most active ransomware group, with 77 attacks in February 2025.
Akira averaged 19 attacks per month between January 2024 and November 2024. In December, the collective added at least 93 separate victims to their leak site, bringing their 2024 monthly average up to approximately 25. Throughout 2024, approximately 71 percent of Akira’s victims were based in North America, rising to approximately 81 percent in Q4 2024.
The second most active ransomware group in December was Clop with 68 attacks, followed by Akira with 43 attacks and RansomHub with 41 attacks.