Ransomware Group: AKIRA

VICTIM NAME: MGM Transformer

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to MGM Transformers, a manufacturing company based in the United States. The company specializes in producing various types of transformers, including medium voltage dry type, oil-filled, and custom solutions, with clients spanning sectors such as data centers, renewable energy, commercial, industrial, and utilities. The breach was discovered on August 6, 2025, and appears to be part of the activity linked to the hacking group “akira”. The leak includes an extensive volume of over 60GB of potentially sensitive corporate files, such as financial documents, audit reports, invoices, and confidential internal records. Personal data, including employee and customer information like medical records, passports, driver’s licenses, social security numbers, and other documents, are at risk. The threat actors have expressed readiness to release this data publicly, posing significant privacy and security concerns for MGM Transformers and its stakeholders.

The leak page contains no direct evidence of uploaded files or accessible download links at the current time, but indicates that a substantial cache of data is targeted for release. The breach’s discovery timestamp, along with the mention of data types involved, suggests a serious data exfiltration incident with potential implications for corporate confidentiality and operational security. The website includes screenshots of internal documents, underscoring the serious nature of the compromise. The attack date being in the future, August 6, 2025, indicates the leak may have been scheduled or is ongoing, with the group “akira” actively involved. No additional press or media coverage details are provided on the page, but the leak’s existence highlights the ongoing threat of ransomware to manufacturing firms and the critical importance of robust cybersecurity measures.