Ransomware Group: AKIRA

VICTIM NAME: Art Guild

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Art Guild, a United States-based provider of face-to-face marketing and educational programs, is identified as the victim on the leak page. The post asserts that attackers gained access to Art Guild’s networks and are prepared to upload 24 GB of corporate documents. The materials described include HR files containing personal data (such as dates of birth, addresses, and contact numbers), client data, financial records, contracts, confidential project files, and NDAs. The page frames this as a data-leak event rather than a full encryption of systems, signaling data exfiltration and the potential for public release or sale of the information. Personal data fields are redacted in the narrative to protect privacy.

Post date: October 14, 2025. The leak page does not provide an explicit compromise date beyond this timestamp. No ransom amount or demand is stated, and there are no visible downloadable assets or instructions on the page. The post includes no screenshots or images, and there is no evidence of active media linked from the excerpt. The content describes a data-leak scenario for Art Guild rather than encryption of its systems.

In summary, the page centers on Art Guild and describes a potential exfiltration of up to 24 GB of internal documents, notably HR records with private identifiers. This incident highlights the risk to employee data in ransomware operations and demonstrates how actors leverage data leaks alongside intrusion activity. No explicit ransom figures are disclosed in the available data, and the page provides no imagery to corroborate the claim.