Ransomware Group: AKIRA

VICTIM NAME: NC Dynamics LLC

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

NC Dynamics LLC, a United States-based full-service manufacturing facility specializing in high-speed machining—including 3-, 4-, and 5-axis milling, CNC turning, and assembly—appears on a ransomware leak page attributed to the threat actor group ‘akira’. The post is dated August 20, 2025, and identifies NC Dynamics LLC as a victim. The attackers claim they will upload roughly 30 GB of corporate files, signaling a data-leak incident rather than a traditional encryption event. The description enumerates the data types allegedly at risk: employee information (dates of birth, email addresses, home addresses, Social Security numbers, phone numbers, and other identifiers), HR records, detailed financial and accounting data, payment details, lists of agreements and contracts, credit card details, scans of documents containing personal information, employee financial information, drawings, and NDAs. Taken together, the page frames the operation as exfiltration with potential public release, aligning with double-extortion patterns commonly observed in ransomware campaigns.

From a content perspective, the leak page shows no visual evidence such as screenshots or images—the annotations indicate zero images. A claim URL is indicated as present on the page, but no direct link is provided in this summary. The data provided does not include a ransom demand or encryption claim; no explicit compromise date is stated beyond the post date, which is August 20, 2025. The page focuses on data exposure rather than immediate system encryption, with the described data types implying substantial exposure of internal records and sensitive personnel information.

CTI takeaway: If NC Dynamics LLC indeed experiences a data leak of up to approximately 30 GB of internal records, the threat to employees and the organization could be significant due to exposure of PII, HR data, financial records, and contractual documents. The combination of personal data and financial information raises risks of identity theft, fraud, and regulatory concerns for data protection. The post is associated with threat actor group ‘akira’, signaling a known ransomware actor, and the presence of a claim URL indicates a tactic to direct attention to the leaked materials. The lack of an explicit ransom amount in the provided data does not preclude ongoing negotiations or future updates; defenders should monitor for any new indicators of exfiltration, and the organization should review access controls, monitor for credential misuse, and prepare for potential data breach notifications.