[AKIRA] – Ransomware Victim: Curtis Steel Co

AI Generated Summary of the Ransomware Leak Page

On October 17, 2025, a ransomware leak post identifies Curtis Steel Co as a victim, attributed to the threat actor group akira. The company is described as a Las Vegas-based manufacturing tubing supplier offering aluminum, carbon steel, stainless steel, and welding supplies, along with precision services such as steel cutting, laser cutting, metal drilling, and hole punching, with operations dating back to 1970. The leak page frames the incident as a data exfiltration and data-leak event rather than a purely encryption-focused attack, signaling a data-theft scenario consistent with modern ransomware campaigns. The page states that the attackers are ready to upload more than 20GB of data, indicating a substantial exfiltration volume and a willingness to publicly release or otherwise leverage the stolen information in extortion. No ransom amount is visible in the post text, which centers on the scope of compromised data rather than a specified demand.

According to the leak description, the data targeted for disclosure includes sensitive corporate documents such as financial data (audits, payment details, financial reports, invoices) and highly detailed employee and customer information, including types of personal data like driver’s license numbers, Social Security Numbers, medical information, emails, and phone numbers, as well as NDAs and other confidential documents. The page notes there are no visible images or screenshots on the leak post itself, and there is no posted website link. The post date is listed as October 17, 2025, which is treated as the leak’s posting date in the absence of a separate compromise date. This event highlights ongoing ransomware risk to the US manufacturing sector, particularly for firms handling extensive supplier and customer data, and aligns with observed double-extortion patterns in contemporary campaigns.