[AKIRA] – Ransomware Victim: G & H Distributing

AI Generated Summary of the Ransomware Leak Page

On October 29, 2025, a ransomware leak post attributed to the threat group Akira targets G & H Distributing. The victim is described on the leak page as a prominent agricultural and industrial supply distributor based in South Dakota, with retail and wholesale operations. The post frames the incident as a data-exfiltration event rather than a conventional encryption, and states that corporate documents will be uploaded in the near term. The attackers claim access to sensitive employee information, noting that payroll-related 2-9 forms containing addresses, phones, emails, and other personal details may be exposed, in addition to internal accounting files, project data, and client information. The post signals that additional documents will be released in the future, indicating ongoing exfiltration activity. There is no ransom amount listed on the page, and there are no screenshots or images currently presented. The post date is October 29, 2025, and no separate compromise date is provided on the page, so the post date is treated as the publish date.

The leak page’s content implies a risk to employee personal information and internal corporate records if the data is released publicly, given references to payroll records and internal files. However, no actual files, images, or media are visible on the page at this time. The page is attributed to the Akira threat group, and there is no stated ransom figure or encryption claim on this post. The description notes that “corporate documents” will be uploaded soon, suggesting an ongoing data-exfiltration campaign rather than a completed encryption incident. Security observers should monitor for subsequent postings from the same actor for potential additional material and to assess any real-world exposure or notification requirements for the victim.