Explore OpenCTI or OpenAEV platform with 30 days Free Trial!
XTM Hub by FiligranSign In

Akira ransomware

Endpoint Security Validation
Threat Intelligence Defense (opencti <> Openaev)
Csirt/cert Training & Exercises

Overview

Akira Simulation

This OpenAEV scenario simulates a full-scale ransomware attack carried out by the Akira ransomware group, known for targeting corporate networks across various sectors. The simulation is designed to test and improve an organization’s detection, response, and recovery capabilities during a highly realistic ransomware breach. Participants play the role of blue team defenders responding to a spear-phishing campaign that leads to initial access. The attackers use known Akira TTPs (tactics, techniques, and procedures), including data exfiltration, privilege escalation, lateral movement, and ultimately, the encryption of critical assets followed by a ransom note.

Key Features:

  • Realistic emulation of Akira’s MITRE ATT&CK techniques (e.g., T1059, T1566, T1021)
  • Simulation of C2 (Command & Control) infrastructure and data exfiltration
  • Deployment of custom Akira-like ransomware payloads in a safe, contained environment
  • Options for simulating double extortion: file encryption + data leak threats -Metrics tracking (time-to-detect, time-to-contain, recovery speed) This scenario is ideal for red vs blue team exercises, SOC training, or tabletop sessions aimed at improving ransomware incident response.

Basic information

Filigran
Sébastien Miguel
July 01, 2026
1.17.0
200+
90+

    We use cookies to make the XTM Hub work, understand how it's used, and improve your experience. Strictly necessary cookies are always on. With your consent, we also use optional cookies for functionality, performance and analytics, and marketing. You can accept all, reject all, or choose which optional cookies to allow. You can change your preferences at any time via "Cookie settings". See our Cookie Policy for more information.