Ransomware Group: AKIRA

VICTIM NAME: King Industries Inc[.]

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to King Industries, Inc., a company specializing in the design, manufacturing, and distribution of additives used in various industries worldwide. The company produces products such as engine oils, greases, hydraulic oils, paints, coatings, and rubber goods. The breach appears to have resulted in the exposure of a substantial volume of sensitive corporate data, totaling over 260 gigabytes. This data includes corporate non-disclosure agreements, passport scans, medical documents, contact information for employees and customers, as well as financial records like audits and payment reports. The attack was publicly discovered on April 15, 2025, and the published compromise date is the same, indicating the breach was likely recent at the time of leak.

The leak page announces the imminent upload of the stolen data, which threatens to expose confidential internal documents and personal information. Although no specific download links or direct evidence of data distribution are provided publicly, the nature and volume of leaked data suggest a significant security breach. The incident underscores the importance of robust cybersecurity measures for companies handling sensitive corporate and personal data. The page includes visual evidence such as screenshots of internal files, further emphasizing the severity of the breach. No additional details about the attackers or their demands are disclosed on the page, but the leak indicates the breach was carried out by the group known as “akira.”