Find notable cyber news and cases, enriched with sources, timelines, and signals.

Akira group rapid double-extortion ransomware activity

Malware Activity
Happening score (H score): 44
1 unique source, 2 articles

Summary

Akira ransomware activity now includes abuse of AdaptixC2 in active intrusions, alongside the group's rapid attack cadence, which runs from under one hour to under four hours. A Silent Push analysis ties the tool's deployment to CountLoader and reports a DFIR case in which an Akira affiliate used it. The broader activity still centers on double extortion, data exfiltration before encryption, and access through internet-facing VPN appliances and backup solutions lacking MFA.

Related Happenings

Foxconn claimed data leak by Nitrogen ransomware group

Data Leak
First: 13.05.2026 20:13 Last: 13.05.2026 20:13 Sources 1

About this happening: The **Nitrogen ransomware group** claimed a **Foxconn data leak** involving **8TB** and more than **11 million files**, raising the risk that confidential manufacturing material t...

PCPJack TeamPCP-targeting cloud credential theft campaign

Campaign
First: 08.05.2026 12:00 Last: 08.05.2026 12:00 Sources 1

About this happening: A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...

MuddyWater Microsoft Teams social-engineering campaign with Chaos ransomware decoy

Campaign
First: 06.05.2026 16:02 Last: 06.05.2026 16:02 Sources 1

About this happening: The **MuddyWater** campaign used **Microsoft Teams** social engineering and a **Chaos ransomware** decoy to gain access, steal credentials, and establish persistence. The operatio...

Vect 2.0 ransomware wiper-flaw activity

Malware Activity
First: 29.04.2026 18:23 Last: 29.04.2026 18:23 Sources 1

About this happening: The **Vect 2.0** ransomware variant now **permanently destroys large files** instead of encrypting them, which can leave defenders without a recoverable copy. The flaw affects ver...

Vect ransomware flawed ChaCha20 implementation destroys large files

Technical Analysis
First: 29.04.2026 13:45 Last: 29.04.2026 13:45 Sources 1

About this happening: **Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...

Timeline

  1. 02.04.2026 16:00 3 articles · 1mo ago

    Akira rapid double-extortion tradecraft report

    Technical Analysis Update

    Researchers assess that Akira can complete a full ransomware lifecycle in under four hours and, in some cases, in less than one hour, often after initial access through internet-facing VPN appliances or backup solutions lacking MFA. The group exfiltrates data before encryption in a double-extortion workflow, disables security software to evade detection, and uses FileZilla, WinRAR, WinSCP, and RClone for staging and encryption.
