Akira Ransomware: A Growing Cyber Threat
ID: f37d0d25-c354-51ee-9249-ca315ed12809
STIX ID: report--f37d0d25-c354-51ee-9249-ca315ed12809
Feed Name: ThreatMon
**Executive summary:** The report profiles the Akira ransomware group, active since early 2023, and details its double-extortion operations against healthcare, education, finance, manufacturing and government targets across the Americas and Europe. It describes the initial and re-engineered ransomware variants (file extensions .akira and .powerranges), the use of ChaCha and RSA-4096 for encryption, exploitation of CVE-2023-20269 and CVE-2024-40711, and commonly abused tools (Masscan, Mimikatz, RClone). It also covers a November 2024 incident in which data stolen from Xtrim TVCable in Ecuador was leaked after ransom negotiations failed, and it concludes with defensive recommendations.
