The Akira group operates using a double extortion model, where they not only encrypt a victim's files but also exfiltrate sensitive data. If the victim refuses to pay the ransom, the group threatens to leak the stolen data on their specialized Tor-based leak site.

: Security researchers have noted significant similarities between Akira and the defunct Conti ransomware group, including code overlaps and the use of similar ransom payment addresses. Significance of ".7z" Archives in Cyberattacks

: Victims are pressured to pay twice—once for the decryption key and once to ensure their stolen data is deleted and not leaked.