The Akira ransomware group has allegedly intensified its campaign, adding 12 new victims to its dark web data leak portal between July 15 and July 17, 2025. This string of attacks targets a diverse range of industries across the globe, from food production and manufacturing to legal and IT services. The group operates on a double-extortion model, exfiltrating sensitive data before encrypting the victim’s systems and threatening to publish the stolen information if a ransom is not paid.
The list of allegedly compromised organizations spans multiple sectors and countries, highlighting the indiscriminate nature of the ransomware gang. The threat actors have provided descriptions of the companies and have begun listing the types of sensitive data they claim to have stolen, putting significant pressure on the victims. The victims include:
- 🇺🇸 The Colgin Companies: A US-based company that offers authentic liquid smoke sauces. The group claims to have stolen files related to clients, contracts, and agreements.
- 🇮🇹 Mazzoleni: An Italian firm specializing in the drawing, heat treatment, and coating of steel wires. Allegedly exfiltrated data includes agreements, detailed financial data, and other confidential files.
- 🇮🇹 Studioc: An IT consulting and services firm. The group claims to possess its accounting and financial data, as well as client information.
- 🇩🇪 BAF Management Consulting: A consulting services provider. Stolen data allegedly includes client accounting and financial information, along with employee data.
- 🇺🇸 PEPRO: A US-based manufacturer of shielded enclosure systems for mission-critical communications. The group threatens to leak over 15 GB of data, including employee personal documents, customer information, financial data, contracts, and NDAs.
- 🇺🇸 Title XI: A software and support company providing cloud-based case management for bankruptcy trustees. The attackers claim to have over 50 GB of data, including a huge amount of customer personal information like financial statements, passport/DL/SSN scans, employee information, court documents, and NDAs.
- 🇮🇹 Acetificio Andrea Milano: A historic Italian vinegar production company. Over 47 GB of data was allegedly stolen, containing personal document scans of owners and employees, financial data, customer information, and NDAs.
- 🇺🇸 Goldberg & Osborne: A law firm representing plaintiff injury victims. The group boasts of having over 150 GB of data, including personal documents of more than 200 clients, passports, medical records, financial data, and court documents.
- 🇺🇸 GreenVest: An environmental development and consulting firm. The breach allegedly involves over 7 GB of financial data and project files.
- 🇷🇴 Multilift Logistic Group: A company specializing in port operations and terminal warehousing. The threat actors claim to have 17 GB of data, including complete employee personal information with passport scans, client data, and numerous contracts.
- 🇬🇧 Fayrefield Foods: A producer and marketer of dairy products across Europe, the Middle East, and North America. Over 41 GB of data was allegedly exfiltrated, including employee scans, financial files, client information, contracts, and NDAs.
- 🇸🇪 Sib-Tryck Holding: A digital printing firm from Sweden. The group claims to have 45 GB of corporate documents, including client and employee information, project data, and agreements.
The publication of these companies on Akira’s leak site serves as a public declaration of the breach and the starting point for the countdown until the data is potentially released. This tactic aims to maximize pressure on the victims to negotiate a payment. The diverse nature of the targeted industries demonstrates that no sector is immune to such cyber attacks, and the claimed data types, particularly from the legal and software firms, could have severe consequences for both the companies and their clients if released.
