Ransomware Group: AKIRA

VICTIM NAME: Ranshu, Meridian Auto Parts, Visionaire,Omega enviromenta technologies, Ap Air

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page identifies the victim as Ranshu, Meridian Auto Parts, Visionaire, Omega enviromenta technologies, Ap Air. The post appears linked to the akira group and is set within the United States manufacturing sector. It states that roughly 47 GB of data from a group of auto parts related companies will be uploaded, indicating a data exfiltration event rather than a traditional ransomware encryption incident. The described materials are presented as highly sensitive, including internal employee information (such as dates of birth and driver’s license numbers), HR files, financial and accounting records, contracts and agreements, engineering drawings and specifications, corporate credit card details, scans of documents containing personal information, and customer data. The leak page notes that a claim URL is present, but no actual link is provided in this summary. Metadata for the post shows no attached images or screenshots on the page.

There is no explicit ransom amount or encryption status stated in the post, and the provided metadata lists the impact field as empty. The content emphasizes the release of a large data set rather than the encryption of systems, which aligns with data-leak or double-extortion patterns seen in ransomware activity. No actual images or downloadable files are indicated by the metadata, as the page shows zero images and zero downloads; however, the description suggests an intention to publish a broad set of data spanning multiple auto parts related entities. As such, the incident underscores the ongoing risk to manufacturing firms handling sensitive personnel, financial, contractual, and customer information.

Notes: The post date is August 14, 2025, and the victim name field lists multiple entities as the affected party. The page is US-based and cites the akira group as the actor. While the page claims a data dump of approximately 47 GB and a present claim URL, no direct link or image evidence is provided in the available data. PII and sensitive internal data are referenced, but any specific identifiers have been redacted in this summary.