Akira Ransomware

  • CERT-In has cautioned Internet users against Akira attacks
  • Akira is computer malware, specifically a ransomware virus
    • Ransomware definition: malware that infects victim systems and blocks victims from using their own data; the victim regains access only after paying a ransom
  • Targets Windows and Linux-based systems
  • Accesses victims via VPN services, especially if multi-factor authentication isn't enabled
  • Makes use of specific tools often found in the victim's environment
  • On infiltrating a device:
    • Deletes Windows Shadow Volume Copies (backup copies of files kept for emergency data restoration), which makes data recovery harder without paying the ransom
    • Proceeds to encrypt the user's files
      • Encryption definition: converting data into code that can only be decrypted with a specific key held by the attackers
    • Adds the '.akira' extension to all encrypted files
    • To ensure smooth encryption, stops certain active Windows services using the Windows Restart Manager API, preventing potential disruption of the encryption process
    • Targets various folders on the hard drive for encryption but avoids specific folders (Recycle Bin, System Volume Information, Windows folders); this avoidance ensures the OS and essential functions are not disrupted
  • Conducts double extortion to get victims to pay the ransom: after stealing personal information and encrypting data, it releases the stolen data on the dark web if the ransom isn't paid
  • CERT-In's suggestions for Akira protection:
    • Maintain basic online hygiene and protection protocols
    • Maintain offline backups of important data and ensure backups are up to date
    • Regularly update operating systems and applications
    • Consider virtual patching for legacy systems and networks
      • Legacy systems and networks definition: older/outdated infrastructure still in use
      • Virtual patching definition: applying temporary or virtual fixes to software vulnerabilities without modifying the original source code or software
    • Use strong password policies and multi-factor authentication
    • Avoid updates/patches from unofficial channels

In recent news, CERT-In has issued a warning to internet users against Akira attacks.

This topic of “Akira Ransomware” is important from the perspective of the UPSC IAS Examination, where it falls under the General Studies portion.

What is Akira Ransomware?

  • Akira is a computer malware, specifically a ransomware virus.
  • Ransomware is a type of malware that infects victim systems and blocks the victims from using their own data.
  • The victim can regain access only upon paying the ransom.

How does Akira Operate?

  • Akira targets Windows and Linux-based systems.
  • It accesses victims via VPN services, especially when multi-factor authentication isn’t enabled.
  • It uses tools like AnyDesk, WinRAR, and PCHunter, which are often found in the victim’s environment.

Infiltration and Encryption

  • Upon infiltrating a device, Akira deletes the Windows Shadow Volume Copies, which are backup copies of files used for emergency data restoration.
  • After deleting the Shadow Volume Copies, it becomes harder for the user to recover their files without paying the ransom.
  • It then proceeds to encrypt the user’s files by converting data into a code that can only be decrypted with a specific key, which is held by the attackers.
  • During the encryption process, Akira adds a ‘.akira’ extension to the names of all encrypted files.
  • To ensure a smooth encryption without interruptions, the ransomware stops certain active Windows services using the Windows Restart Manager API.

Targets and Extortion

  • Akira targets various folders on the hard drive to encrypt files but avoids specific folders such as ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
  • After stealing personal information and encrypting the data, it conducts double extortion to get the victims to pay the ransom.
  • If the victim refuses to pay the ransom, the stolen data is released on the dark web.
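As an added illustration (not part of the original article and not Akira's own code), the following Python helper shows how an incident responder could scope an infection using the two behaviours described above: files carry the ‘.akira’ extension, and certain system folders are left untouched. The sample volume it builds is constructed here, and the skipped-folder names follow the article's wording rather than exact Windows paths.

```python
import os
import tempfile
from collections import Counter

AKIRA_EXT = ".akira"
# Folders the article lists as avoided by Akira (names as written there; assumption)
SKIPPED_DIRS = {"ProgramData", "Recycle Bin", "Boot",
                "System Volume Information", "Windows"}


def triage_tree(root):
    """Walk a volume and report encrypted-file counts per top-level folder."""
    per_dir = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        stats = per_dir.setdefault(top, Counter())
        for name in filenames:
            stats["encrypted" if name.endswith(AKIRA_EXT) else "intact"] += 1
    report = {}
    for top, c in per_dir.items():
        total = c["encrypted"] + c["intact"]
        report[top] = {
            "encrypted": c["encrypted"],
            "total": total,
            "ratio": round(c["encrypted"] / total, 2) if total else 0.0,
            # True when the folder is one the article says Akira skips
            "expected_skipped": top in SKIPPED_DIRS,
        }
    return report


def original_name(filename):
    """Recover the pre-encryption name: the article says '.akira' is appended."""
    return filename[:-len(AKIRA_EXT)] if filename.endswith(AKIRA_EXT) else filename


def build_sample_volume():
    """Constructed sample tree mimicking a partially encrypted volume."""
    root = tempfile.mkdtemp(prefix="akira_triage_")
    layout = {
        "Users/alice": ["report.docx.akira", "budget.xlsx.akira", "notes.txt"],
        "Windows": ["explorer.exe", "notepad.exe"],
        "System Volume Information": ["tracking.log"],
        "Projects": ["main.py.akira", "README.md.akira"],
    }
    for rel, files in layout.items():
        d = os.path.join(root, *rel.split("/"))
        os.makedirs(d, exist_ok=True)
        for f in files:
            open(os.path.join(d, f), "w").close()
    return root
```

Running `triage_tree(build_sample_volume())` yields a per-folder dictionary; a skipped folder that nevertheless shows encrypted files would indicate behaviour different from what the article describes.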

Protective Measures Against Akira

  • Maintain basic online hygiene and protection protocols.
  • Maintain offline backups of important data and ensure that these backups are up to date.
  • Regularly update operating systems and applications.
  • Consider ‘virtual patching’ to safeguard legacy systems and networks.
  • Use strong password policies and multi-factor authentication.
  • Avoid using updates/patches available in any unofficial channel.

With Akira ransomware posing a considerable threat to both Windows and Linux-based systems, adopting preventative measures recommended by CERT-In can significantly mitigate the risk of attacks. As always, maintaining online hygiene and staying updated on system patches is essential in combating such cybersecurity threats.
