The Akira group operates using a double extortion model, where they not only encrypt a victim's files but also exfiltrate sensitive data. If the victim refuses to pay the ransom, the group threatens to leak the stolen data on their specialized Tor-based leak site.
The use of the .7z extension (associated with the 7-Zip utility) is a common tactic for threat actors. Akira Ransomware - HHS.gov akira paid log.7z
: Security researchers have noted significant similarities between Akira and the defunct Conti ransomware group, including code overlaps and the use of similar ransom payment addresses. Significance of ".7z" Archives in Cyberattacks The Akira group operates using a double extortion