{"id":8492,"date":"2026-04-02T11:26:04","date_gmt":"2026-04-02T16:26:04","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88473"},"modified":"2026-04-02T11:26:04","modified_gmt":"2026-04-02T16:26:04","slug":"akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/04\/02\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour\/","title":{"rendered":"Akira ransomware group can achieve initial access to data encryption in less than an hour"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ --> <title>Akira ransomware group can achieve initial access to data encryption in less than an hour | CyberScoop<\/title> <meta name=\"description\" content=\"A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay up.&nbsp;\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/akira-ransomware-initial-access-to-encryption-in-hours\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Akira ransomware group can achieve initial access to data encryption in less than an hour\"> <meta property=\"og:description\" content=\"A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay up.&nbsp;\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/akira-ransomware-initial-access-to-encryption-in-hours\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-04-02T16:26:04+00:00\"> <meta property=\"article:modified_time\" content=\"2026-04-02T16:26:07+00:00\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1774626878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1775074092g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88473\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88473\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fakira-ransomware-initial-access-to-encryption-in-hours%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fakira-ransomware-initial-access-to-encryption-in-hours%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88473 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/akira-ransomware-initial-access-to-encryption-in-hours\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.873381294964\">\n<div class=\"single-article__header-content\" readability=\"34.631346578366\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/akira-ransomware-initial-access-to-encryption-in-hours\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> A new report from Halcyon finds that the group also puts more effort than usual into developing working decryptors, likely to incentivize businesses to pay up.&nbsp; <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88473\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"444\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour.jpg?resize=640%2C444&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg 3000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=300,208 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=768,533 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=1024,711 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=1536,1066 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=2048,1422 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=600,417 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=242,168 242w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=485,337 485w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=972,675 972w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-2.jpg?resize=1214,843 1214w\" sizes=\"(max-width: 972px) 100vw, 972px\"><figcaption> &#8220;Akira&#8221; art and animation cells at the The Academy of Motion Picture Arts and Sciences Presents Special Screening of &#8220;Akira&#8221; at Samuel Goldwyn Theater on December 02, 2019 in Beverly Hills, California. (Photo by Rodin Eckenroth\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.800610941405\"><body readability=\"68.570867430442\"><\/p>\n<p>The Akira ransomware group has compromised hundreds of victims over the past year with a well-honed attack lifecycle that has whittled down the time from initial access to encryption of data in less than four hours, <a href=\"https:\/\/www.halcyon.ai\/ransomware-research-reports\/akira-ransomware-attacks-in-under-an-hour\">according to<\/a> cybersecurity firm Halcyon.<\/p>\n<p>Akira has been active since 2023, racking up at least $245 million in ransom payments from victims through September 2025. The cybercriminal outfit likely includes former members and affiliates of the now-defunct Conti ransomware group, and is known for its polished approach to digital extortion.<\/p>\n<p>A primary example can be found in the efficiency of Akira\u2019s infection cycle, which has reduced incident response times to hours. According to Halcyon, Akira is known for using zero-day vulnerabilities, buying exploits from initial access brokers and exploiting VPNs lacking multifactor authentication to infect their victims. Akira also uses a process known as \u201cintermittent encryption,\u201d whereby large files can be encrypted faster in smaller blocks.<\/p>\n<p>\u201cAkira is more stealthy and less aggressive allowing the ransomware to move swiftly through the entire ransomware attack kill chain from initial access to exfiltration, and encryption in as little as 1 hour without detection,\u201d Halcyon wrote in a blog published Thursday. \u201cIn most cases, the time from initial access to encryption was less than four hours.\u201d&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Additionally, while most ransomware operators tend to spend \u201cabout 90-95%\u201d of their time developing their encryption malware and 5-10% on crafting decryptors, Halcyon said Akira has made \u201cextensive efforts to ensure the recovery of large files, like server images,\u201d going so far as to temporarily auto-save files with custom .akira extensions to ensure they can be recovered if the encryption process is interrupted.<\/p>\n<p>Halcyon\u2019s blog notes that these efforts are likely less due to ethical principles than because the group believes offering functional decryptors increases the chance that a business will pay the ransom. Akira\u2019s combination of rapid infection while offering firms a more reliable way to recover their data is something that \u201csets it apart from many ransomware operators.\u201d<\/p>\n<p>\u201cThe group\u2019s ability to move from initial access to full encryption in under an hour, while maintaining recovery guarantees that incentivize victim payment, reflects a mature, business-driven criminal enterprise,\u201d Halcyon said.<\/p>\n<p>The group has been observed exploiting vulnerabilities in Veeam backup and replication servers, Cisco VPNs and SonicWall appliances. Like other ransomware groups, Akira uses a double-extortion model against victims, stealing their data before encrypting it, then threatening to publish the stolen data online if businesses don\u2019t pay.<\/p>\n<p>Last year, the FBI and the Cybersecurity and Infrastructure Security Agency <a href=\"https:\/\/cyberscoop.com\/akira-ransomware-fbi-cisa-joint-advisory\/\">flagged<\/a> Akira as one of the top ransomware criminal groups in the world, primarily targeting small- and medium-sized businesses in the manufacturing, education, IT, health care, financial and agricultural sectors.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6036697247706\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/04\/akira-ransomware-group-can-achieve-initial-access-to-data-encryption-in-less-than-an-hour-1.jpg?w=640&#038;ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/akira-ransomware-initial-access-to-encryption-in-hours\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Akira ransomware group can achieve initial access to data encryption<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3677,282,78,1583,46,256,49],"tags":[3680,286,86,1587,54,262,57],"class_list":["post-8492","post","type-post","status-publish","format-standard","hentry","category-akira","category-cybercrime","category-cybersecurity","category-encryption","category-ransomware","category-research","category-threat-intelligence","tag-akira","tag-cybercrime","tag-cybersecurity","tag-encryption","tag-ransomware","tag-research","tag-threat-intelligence"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/akira\/\" rel=\"category tag\">Akira<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/encryption\/\" rel=\"category tag\">encryption<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threat-intelligence\/\" rel=\"category tag\">Threat Intelligence<\/a>","tag_info":"Threat Intelligence","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8492","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8492"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8492\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8492"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8492"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8492"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}