Akira Ransomware Unleashes Double Extortion Barrage on 12 Global Companies in 72 Hours
The Akira ransomware group has intensified its operations, adding data from 12 new companies to its dark web leak portal within just three days—from July 15 to 17, 2025. This surge in attacks targeted organizations across a broad spectrum of industries and countries, ranging from food production to legal and IT services. Akira’s modus operandi centers on double extortion: first, exfiltrating sensitive data, then encrypting the victim’s systems and threatening public disclosure unless a ransom is paid.
The list of affected organizations reveals the sheer scale and indiscriminate nature of the attacks. Akira appears indifferent to industry or geography, indiscriminately selecting targets worldwide. Members of the group have reportedly begun publishing detailed descriptions of the compromised entities and the types of data stolen, applying additional pressure on victims to comply.
Among the U.S.-based companies named is The Colgin Companies, a producer of liquid smoke-based sauces, from which client files and contracts were allegedly stolen. Also impacted is PEPRO, a manufacturer of secure communications systems, where attackers claim to have obtained over 15 GB of data, including employee personal records, client information, financial statements, and non-disclosure agreements.
Of particular concern is the breach of Title XI, a company offering cloud-based bankruptcy management solutions. Over 50 GB of highly sensitive legal and personal data may have been exfiltrated, including scans of passports and driver’s licenses, Social Security numbers, court documents, and internal communications.
The legal firm Goldberg & Osborne, which represents victims in litigation, suffered one of the most severe breaches: over 150 GB of data was allegedly stolen, including personal documents of more than 200 clients, as well as their medical, financial, and legal records.
Among Italian companies, the vinegar producer Acetificio Andrea Milano is said to have lost approximately 47 GB of data, including information related to owners, staff, finances, and clients. Two other Italian firms were also affected: the metallurgy company Mazzoleni and IT consultancy Studioc, both of which reportedly lost financial records, contracts, and customer databases.
German firm BAF Management Consulting was similarly targeted, allegedly losing confidential information belonging to both clients and staff. In Romania, Multilift Logistic Group—a company specializing in port and warehouse operations—reportedly had 17 GB of documents stolen, including employees’ full personal identification data, client files, and contracts.
British dairy manufacturer Fayrefield Foods suffered a leak involving 41 GB of information, including employee scans, contracts, financial records, and customer data. Swedish digital printing company Sib-Tryck Holding also appears on Akira’s list, with 45 GB of internal documents allegedly stolen, encompassing employee, project, and client information.
One particularly notable case involves GreenVest, a U.S.-based environmental consulting firm. Akira claims to have exfiltrated over 7 GB of project files and financial data.
The publication of these companies on Akira’s leak site is more than a declaration of compromise—it’s a countdown to full exposure. This tactic is designed to coerce organizations into negotiations, pressuring them to pay before their stolen data is made public. Given the diversity of industries and the sensitivity of the information involved—especially within legal and IT sectors—the potential consequences are dire not only for the affected entities but also for their clients.
