Hackers have struck again. The notorious Akira ransomware group claims they’ve made off with 23GB of data from Apache OpenOffice. These cybercriminals don’t mess around—they’re saying they nabbed everything from employee records with home addresses to social security numbers and credit card details. Even financial records and confidential internal documents weren’t spared. Not exactly a minor breach, if true.
Another day, another data heist. Akira’s latest claim? 23GB of OpenOffice secrets—from employee SSNs to financial records.
The group is flaunting their supposed haul, which allegedly includes numerous reports about problems with the OpenOffice application. Classic extortion move: they’re threatening to dump everything on their dark web leak site if Apache OpenOffice doesn’t play ball. Pretty bold.
Here’s the thing though—the Apache Software Foundation hasn’t confirmed any of this yet. Zero. Zilch. No acknowledgment of a breach or stolen data. Users can breathe a small sigh of relief since there’s no evidence that actual installations or user data have been compromised. The foundation keeps its download infrastructure separate from its development servers, which adds a layer of protection for end users.
Still, security folks are recommending the obvious: only download OpenOffice from the official website. Duh.
Akira isn’t some amateur operation. These guys emerged in March 2023 and have already hit over 250 organizations globally. Their ransom demands? Anywhere from $200,000 to a whopping $4 million. They’re fans of the “double extortion” approach—steal your data AND encrypt your systems. Nasty stuff.
Their toolkit is pretty sophisticated. Mimikatz, LaZagne, FileZilla—they use publicly available tools to do their dirty work. The group deliberately avoids targeting systems with Russian-language keyboards, which hints at its possible geographic origins.
They’ve been particularly active since July 2025, targeting SonicWall SSL VPN accounts and exploiting various vulnerabilities in Cisco systems.
What’s scary is their efficiency. Some attacks go from initial access to encryption in under four hours. In one case, just 55 minutes. That’s barely enough time to finish your coffee, let alone detect an intruder.
For now, everyone’s waiting for confirmation. Is this a legitimate breach or just another bluff? Time will tell.