Ransomware Group: AKIRA

VICTIM NAME: Cevital

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 13, 2025, a leak page associated with the AKIRA ransomware group identifies Cevital as the victim. Cevital is a holding company headquartered in Algiers, Algeria, with diversified interests spanning food processing and mass distribution to electronics and domestic appliances, as well as metals, glass, construction, automotive, services, and media. The post frames the incident as a data breach and states that the attackers intend to upload company data in the near future. The metadata aligns the victim with the Agriculture and Food Production sector.

According to the post, the attackers claim to have exfiltrated or will publish financial data (audits and invoices), project details, and personal financial details of employees, along with accounting files. This indicates a data-leak scenario consistent with ransomware double-extortion patterns. The page notes the presence of a claim URL, but there are no visible screenshots or images on the page, and no downloads or external links are shown in the post. The page presents no actual data files or media at this time, suggesting this may be an initial teaser rather than a full data dump.

The post is dated August 13, 2025, and, in the absence of a separate compromise date in the provided data, this date should be considered the post date. The content centers on Cevital’s business footprint and the attackers’ stated intent to disclose sensitive financial information and employee data, which could have implications for both corporate risk and regulatory compliance. No on-page data or media are currently accessible beyond the stated claims, reinforcing that this is a preliminary disclosure as the attackers potentially prepare additional material for release via the claim URL.