Ransomware: akira claims Vacu - Lug (GB) — Manufacturing

On 18 May 2026, the ransomware group Akira published a claim of responsibility for an attack on Vacu-Lug (GB), a manufacturing company. This disclosure was made on the ransomware.live leak site, indicating that the group has exfiltrated data and is threatening to release it unless a ransom is paid. The incident falls under the BREACH framework, which typically involves unauthorized access and data exposure, triggering notification obligations under EU data protection and cybersecurity regulations.

This event directly affects Vacu-Lug and the broader manufacturing sector, particularly companies in the UK and EU that handle sensitive operational or customer data. Manufacturing firms are increasingly targeted due to their reliance on legacy systems and critical supply chain dependencies. Any organization in this sector should treat this as a sector-wide alert, as similar attacks may follow.

Compliance teams should immediately verify whether their organization has any exposure to Akira or similar ransomware variants, review incident response plans, and ensure data breach notification procedures are up to date under GDPR and NIS2. They should also assess third-party risks, especially if Vacu-Lug is a supplier or partner. Finally, teams should reinforce employee training on phishing and credential security, as these are common entry vectors for ransomware groups like Akira.