Active ransomware operator
← All groupsAkira
aka Megazord · 1,672 victims indexed · first seen 3 years ago · last activity 2 days ago
At a glance
- Status
- active
- Aliases
- Megazord
- First seen
- 3 years ago
- Last activity
- 2 days ago
- Onion sites
- 5 known endpoints
- Primary sector
- Not Found · 358 hits
About
References
6 linksExternal sources curated by the MISP threat-intel community.
- ransomlook.io/group/akira
- github.com/crocodyli/ThreatActors-TTPs/tree/main/Akira
- ransomlook.io/group/megazord
- sentinelone.com/labs/akira-ransomware-attacks-vpn-appliances
- bleepingcomputer.com/news/security/akira-ransomware-now-targets-linux-vmware-esxi-servers
- cisa.gov/news-events/cybersecurity-advisories/2024/04/04/akira-ransomware
Timeline
24 monthsTop countries
Top sectors
MITRE ATT&CK
5 techniques · 5 tacticsTactics
Indicators of compromise
CVEs exploited
Known tools
Detection · YARA rules
1 ruleAkira_Ransomware
Detects Akira ransomware
source: CISA AA24-109A
Recent victims
Loading…
Onion infrastructure
5 known- http://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
- http://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
- http://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/
- https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/n
- https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/
Source
Updated 2 days agoData on this page is sourced from the group's own leak posts, cross-checked with public ransomware trackers (RansomLook, ransomware.live, RansomWatch), MITRE ATT&CK, and our own Tor and Telegram crawlers. This is a public observatory page — share freely.
Get alerted the next time Akira posts a victim.
Add Akira to your watchlist — Pro pings you within 5 minutes of any new Akira leak-site post, Telegram callout, or affiliate-rebrand inference.

