The Akira ransomware group has publicly claimed to have exfiltrated 23GB of data from Apache OpenOffice, an assertion that remains unconfirmed by the Apache Software Foundation. This alleged breach, if verified, could expose sensitive internal documentation, including employee and financial records, posing a significant concern for the organization’s internal security protocols.
The claim, detailed by the Akira ransomware group, specifies the alleged theft of employee information such as physical addresses, phone numbers, driver’s licenses, social security cards, and credit card details, alongside financial records, confidential internal files, and application problem reports. As of the latest reports, the Apache Software Foundation has not issued a statement confirming or denying these allegations. While the potential exposure of internal development data or contributor information is notable, OpenOffice users are unlikely to be directly impacted due to the separation of download infrastructure from the development servers.
Akira, which emerged as a ransomware-as-a-service (RaaS) operation in early 2023, has rapidly escalated its activities, reportedly conducting hundreds of attacks globally and accumulating tens of millions of dollars in ransom payments Hackread.com. The group employs a double extortion strategy, first stealing data and then encrypting victim systems, threatening to publish the exfiltrated information if a ransom is not paid Hackread.com. Akira operates with distinct ransomware variants designed for both Windows and Linux/VMware ESXi environments Hackread.com. This activity highlights the growing threat of ransomware operations. The group is known to communicate in Russian within dark web forums and reportedly avoids targeting systems configured with Russian language keyboard layouts Hackread.com.
The Akira ransomware group stated, “We will upload 23 GB of corporate documents soon. Employee information (addresses, phones, DOB, driver’s licenses, social security cards, credit cards information and so on), financial information, internal confidential files, lots of reports about their problems with the application and so on,” as quoted in a report Hackread.com. A Bitdefender Threat Debrief report from March 2025 was also cited as noting Akira’s capability to hack webcams of its victims Hackread.com. For more information on similar threats, see our article on Qilin Ransomware. For users of Apache OpenOffice, it is always recommended to download the software exclusively from the official website to mitigate risks associated with third-party distributions.
The situation underscores the ongoing challenges faced by organizations in safeguarding their digital assets against sophisticated ransomware threats, even as the specific claims in this instance await independent verification.