This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit  stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Originally published April 18, 2024, this Joint Cybersecurity Advisory has been updated with information on new Akira ransomware activity that presents an imminent threat to critical infrastructure. Updated information is labeled with Update Nov. 13, 2025 at the beginning and End Update at the end of sections that include substantive new information, such as new Akira threat actor activity, TTPs, and IOCs.

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners are releasing this joint advisory to disseminate known Akira ransomware IOCs and TTPs identified through FBI investigations and trusted third-party reporting as recently as November.

Akira ransomware threat actors are associated with other groups known as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, and may have connections to the defunct Conti ransomware group. Akira threat actors primarily target small- and medium-sized businesses, but have also impacted larger organizations across various sectors.

The authoring organizations recommend organizations implement the mitigations found in the joint advisory to improve their cybersecurity posture based on the threat actors’ activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats and TTPs. Visit CISA’s CPGs webpage for more information on the CPGs, including additional recommended baseline protections.

For mitigations specific to K–12 schools, see CISA’s guidance Protecting Our Future: Partnering to Safeguard K-12 Organizations from Cybersecurity Threats.