Ransomware Group: AKIRA

VICTIM NAME: Erdy McHenry Architecture

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Erdy McHenry Architecture, a US-based firm in the Construction sector, is identified as the victim in a ransomware leak posted by the group akira. The leak page is dated August 14, 2025; in the absence of a separate compromise date in the provided data, this is treated as the post date. The page frames the incident as a data leak rather than encryption and claims that more than 26GB of internal documents have been exfiltrated from the firm’s network. The material allegedly includes financial data (such as payment details and invoices) and employee information, along with some personal and customer data. The post notes the presence of a defanged claim URL, indicating the existence of a link to verify the claim, but no direct downloads or screenshots are visible in the data, and no ransom amount is listed.

Evidence of media on the leak page is minimal, with 0 images or screenshots reported (image count: 0). The page is text-heavy and framed as a data-leak, consistent with double-extortion tactics used by ransomware groups, which threaten public release or sale of stolen data if demands are unmet. PII is redacted in this summary; the description suggests that the leaked documents could include financial records and employee information, as well as some personal and customer data, creating confidentiality and compliance risks for the victim and its clients. The defanged claim URL on the page provides a non-public path to verify the claim without exposing any direct links here.

Security-relevant observations: This incident underscores the ongoing risk to architecture and construction firms from ransomware operators, emphasizing data exfiltration and potential public disclosure. Organizations in similar sectors should strengthen data protection practices, implement robust backups and offline copies, segment networks, and monitor for extortion-related indicators associated with groups like akira. The current dataset does not reveal a specific ransom amount.