XTM Hub by Filigran

Akira ransomware

TECHNICAL

Overview

Akira Simulation

This OpenBAS scenario simulates a full-scale ransomware attack carried out by the Akira ransomware group, known for targeting corporate networks across various sectors. The simulation is designed to test and improve an organization’s detection, response, and recovery capabilities during a highly realistic ransomware breach. Participants play the role of blue team defenders responding to a spear-phishing campaign that leads to initial access. The attackers use known Akira TTPs (tactics, techniques, and procedures), including data exfiltration, privilege escalation, lateral movement, and ultimately, the encryption of critical assets followed by a ransom note.

Key Features:

  • Realistic emulation of Akira’s MITRE ATT&CK techniques (e.g., T1059, T1566, T1021)
  • Simulation of C2 (Command & Control) infrastructure and data exfiltration
  • Deployment of custom Akira-like ransomware payloads in a safe, contained environment
  • Options for simulating double extortion: file encryption + data leak threats
  • Metrics tracking (time-to-detect, time-to-contain, recovery speed)

This scenario is ideal for red vs blue team exercises, SOC training, or tabletop sessions aimed at improving ransomware incident response.

Basic Information

Filigran
Jean-Baptiste Orozco
July 17, 2025
1.17.0
6
0