Joint Cybersecurity Advisory TLP Clear: #StopRansomware: Akira Ransomware

Actions for Organizations to Take Today to Mitigate Cyber Threats Related to Akira Ransomware Activity:

  • Prioritize remediating known exploited vulnerabilities.
  • Enable and enforce phishing-resistant multifactor authentication (MFA).
  • Maintain regular backups of critical data, ensure backups are stored offline, and regularly
    test the restoration process.

This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit StopRansomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Note: Originally published April 18, 2024, this advisory was updated Nov. 13, 2025, with information on new Akira ransomware activity that presents an imminent threat to critical infrastructure. Updated information is labeled with “Update Nov. 13, 2025” at the beginning and “End Update” at the end of sections that include substantive new information, such as new Akira threat actor activity, TTPs, and IOCs.

View the detailed advisory below.

Key Resources

Related Resources

Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides/Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service
Issue Landing Page
Support for Your Cybersecurity Program
Guides/Reports
Cybersecurity and Risk Advisory Services