AKIRA Ransomware Group Intensifies Attacks in Switzerland
A surge in ransomware attacks attributed to the AKIRA hacker group is impacting Swiss companies, with approximately 200 businesses already victimized. The financial damage is estimated at several million Swiss francs, and hundreds of millions of dollars globally.
A criminal inquiry, led by the Federal Public Prosecutor’s Office (MPC) and coordinated by Fedpol with support from the Federal Office for Cybersecurity (OFCS), has been underway as April 2024, focusing on attacks occurring between May 2023 and September 2025. International authorities are also collaborating on the case.
Authorities report a notable increase in AKIRA-linked attacks in recent months, reaching a record 4-5 instances per week in Switzerland.
Double Extortion Tactics
AKIRA, active sence march 2023, employs a “double extortion” strategy.they first steal sensitive data from victims, then encrypt it, demanding a ransom for both its return and to prevent public release on the Darknet.
While 200 companies have been identified as victims, authorities believe the actual number is higher, as many businesses choose to pay ransoms (typically in Bitcoin) and avoid reporting the incidents to protect their reputations.
Recommendations for Businesses
Authorities strongly advise against paying ransoms, urging victims to report attacks to facilitate investigations. They emphasize that reporting incidents increases the likelihood of disrupting these criminal operations.
Key vulnerabilities exploited by AKIRA include outdated systems and unsecured remote access points like VPNs and RDP,notably those lacking two-factor authentication (2FA).
In the event of an attack, immediate steps shoudl be taken: disconnect all internet connections, verify and secure backups, and physically isolate infected systems from the network.
