Akira Ransomware

Akira Ransomware
  News
    CERT-In has cautioned
      Internet users against Akira attack
  What
    It is a computer malware
      Specifically a ransomware virus
        Ransomware definition
          Malware infecting victim systems
          Blocks victims from using own data
          Victim regains access only after paying ransom
  How
    Targets Windows and Linux-based systems
    Accesses victims via VPN services
      Especially if multi-factor authentication isn't enabled
    Makes use of specific tools
      AnyDesk
      WinRAR
      PCHunter
      Tools often found in victim's environment
    On infiltrating a device
      Deletes Windows Shadow Volume Copies
        Backup copies of files for emergency data restoration
      Makes data recovery harder without paying ransom
    Proceeds to encrypt user's files
      Encryption definition
        Converting data into code
        Code can only be decrypted with specific key held by attackers
      Adds '.akira' extension to all encrypted files
    To ensure smooth encryption
      Stops certain active Windows services
        Uses Windows Restart Manager API
        Prevents potential disruption of encryption process
    Targets various folders on hard drive for encryption
      Avoids specific folders
        ProgramData
        Recycle Bin
        Boot
        System Volume Information
        Windows folders
      Avoidance ensures OS and essential functions are not disrupted
    Conducts double extortion to get victims to pay ransom
      After stealing personal information and encrypting data
    If ransom isn't paid
      Releases stolen data on the dark web
  Facts
    CERT-In's suggestions for Akira protection
      Maintain basic online hygiene and protection protocols
      Maintain offline backups of important data
        Ensure backups are up to date
      Regularly update operating systems and applications
      Consider virtual patching for legacy systems and networks
        Legacy systems and networks definition
          Older/outdated infrastructure still in use
        Virtual patching definition
          Applying temporary or virtual fixes to software vulnerabilities
          Done without modifying the original source code or software
      Use strong password policies and multi-factor authentication
      Avoid updates/patches from unofficial channels

In recent news, CERT-In has issued a warning to internet users about Akira ransomware attacks.

What is Akira Ransomware?

  • Akira is a computer malware, specifically a ransomware virus.
  • Ransomware is a type of malware that infects victim systems and blocks the victims from using their own data.
  • The victim can regain access only upon paying the ransom.

How does Akira Operate?

  • Akira targets Windows and Linux-based systems.
  • It gains access to victims through VPN services, especially when multi-factor authentication isn’t enabled.
  • It uses tools such as AnyDesk, WinRAR, and PCHunter, which are often already present in the victim’s environment.

Infiltration and Encryption

  • Upon infiltrating a device, Akira deletes the Windows Shadow Volume Copies, which are backup copies of files used for emergency data restoration.
  • After deleting the Shadow Volume Copies, it becomes harder for the user to recover their files without paying the ransom.
  • It then encrypts the user’s files, converting the data into a form that can only be decrypted with a specific key held by the attackers.
  • During encryption, Akira appends a ‘.akira’ extension to the names of all encrypted files.
  • To ensure the encryption runs without interruption, the ransomware stops certain active Windows services using the Windows Restart Manager API.

Targets and Extortion

  • Akira targets various folders on the hard drive for encryption but avoids specific folders such as ProgramData, Recycle Bin, Boot, System Volume Information, and Windows, so that the operating system and its essential functions are not disrupted.
  • After stealing personal information and encrypting the data, it conducts double extortion to get the victims to pay the ransom.
  • If the victim refuses to pay the ransom, the stolen data is released on the dark web.
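As an added, defender-side example (not code from the original article or from CERT-In): a small Python triage helper that diffs two file-inventory snapshots using the ‘.akira’ extension and the folder exclusion list described above, so an incident responder can quickly see how much of a volume was hit and whether the pattern matches Akira’s behaviour. The snapshots and paths are constructed sample data.

```python
import ntpath  # Windows-style path handling, works on any host OS

# Folders the article says Akira leaves alone (on disk the Recycle Bin is "$Recycle.Bin")
EXCLUDED_DIRS = {"programdata", "$recycle.bin", "recycle bin", "boot",
                 "system volume information", "windows"}
AKIRA_EXT = ".akira"

def top_level_folder(path: str) -> str:
    """First folder under the drive root, lower-cased ("C:\\Windows\\x" -> "windows")."""
    _drive, rest = ntpath.splitdrive(path)
    parts = [p for p in rest.replace("/", "\\").split("\\") if p]
    return parts[0].lower() if parts else ""

def is_excluded(path: str) -> bool:
    """True if the file lives under one of the folders Akira skips."""
    return top_level_folder(path) in EXCLUDED_DIRS

def find_encrypted(before: set, after: set) -> list:
    """Files that vanished between snapshots and reappeared with '.akira' appended."""
    return sorted(p for p in before if p not in after and p + AKIRA_EXT in after)

def triage(before: set, after: set, alert_ratio: float = 0.2) -> dict:
    """Summarise the diff: what was renamed, share of user files hit, exclusion-list consistency."""
    hit = find_encrypted(before, after)
    user_files = [p for p in before if not is_excluded(p)]
    ratio = len(hit) / len(user_files) if user_files else 0.0
    return {
        "encrypted": hit,
        "ratio": round(ratio, 2),
        "excluded_touched": [p for p in hit if is_excluded(p)],  # unexpected for Akira
        "alert": ratio >= alert_ratio,
    }

# Constructed snapshots: one taken from a backup catalogue, one from the live host
BEFORE = {
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Documents\report.docx",
    r"D:\Shares\finance\payroll.csv",
    r"C:\Windows\System32\example.dll",
    r"C:\ProgramData\app\config.ini",
}
AFTER = {
    r"C:\Users\alice\Documents\budget.xlsx.akira",
    r"C:\Users\alice\Documents\report.docx.akira",
    r"D:\Shares\finance\payroll.csv.akira",
    r"C:\Windows\System32\example.dll",
    r"C:\ProgramData\app\config.ini",
}

if __name__ == "__main__":
    print(triage(BEFORE, AFTER))
```

A non-empty `excluded_touched` list means files under the skipped system folders were renamed too, which does not fit the behaviour described above and deserves a closer look.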


Protective Measures Against Akira

  • Maintain basic online hygiene and protection protocols.
  • Maintain offline backups of important data and ensure that these backups are up to date.
  • Regularly update operating systems and applications.
  • Consider ‘virtual patching’ to safeguard legacy systems and networks.
  • Use strong password policies and multi-factor authentication.
  • Avoid using updates/patches available in any unofficial channel.

With Akira ransomware posing a considerable threat to both Windows and Linux-based systems, adopting preventative measures recommended by CERT-In can significantly mitigate the risk of attacks. As always, maintaining online hygiene and staying updated on system patches is essential in combating such cybersecurity threats.
