skira
Ransomware group profile
1Victims
RussiaSource country
44Impact score
Also Known As
SKIRA TEAM
Description
Skira is an emerging ransomware group that surfaced in December 2024, primarily motivated by financial gain. They utilize a dual extortion strategy that includes data encryption and the threat of public exposure of sensitive information, often targeting critical infrastructure.
Key insights
- •Employs a dual extortion model combining encryption with data exfiltration.
- •Targets critical technology infrastructure, such as VMware ESXi and Microsoft Exchange servers.
- •Uses public shaming tactics through dedicated leak sites to compel ransom payments.
- •Focuses on exfiltrating large volumes of data to exert pressure on victims.
- •Has been operating since late 2024 with significant impact across multiple sectors.
Threat Level & Status Breakdown
For skira · Based on incidents in selected period
0.1threat level
Aggressiveness0.3/ 10
Lethality0/ 10
Criticality0/ 10
Status Breakdown
Claimed100.0%1
First seenNov 2025
Last seenNov 2025
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 2, 2026
Recent activity
Monthly attack count for skira in the selected period
1Total attacks
1peak in Nov
1avg / month
No intelligence data for this group.
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for skira
Other
T1486
T1486
T1490
T1490
T1562
T1562
T1036
T1036
T1078
T1078
T1021
T1021
T1041
T1041
T1059
T1059
T1021.001
T1021.001
T1218
T1218
T1003
T1003
T1047
T1047
Victims(1)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| INNOVEX HOLDINGS CO., LTD | innovey.co.th | JP Japan | Technology | Claimed | 7 months ago |
Affected countries(16)
Countries where this group has been reported to target or leak victims.