Akira Ransomware

Akira Ransomware
    CERT-In has cautioned
      Internet users against Akira attack
    It is a computer malware
      Specifically a ransomware virus
        Ransomware definition
          Malware infecting victim systems
          Blocks victims from using own data
          Victim regains access only after paying ransom
    Targets Windows and Linux-based systems
    Accesses victims via VPN services
      Especially if multi-factor authentication isn't enabled
    Makes use of specific tools
      Tools often found in victim's environment
    On infiltrating a device
      Deletes Windows Shadow Volume Copies
        Backup copies of files for emergency data restoration
      Makes data recovery harder without paying ransom
    Proceeds to encrypt user's files
      Encryption definition
        Converting data into code
        Code can only be decrypted with specific key held by attackers
      Adds '.akira' extension to all encrypted files
    To ensure smooth encryption
      Stops certain active Windows services
        Uses Windows Restart Manager API
        Prevents potential disruption of encryption process
    Targets various folders on hard drive for encryption
      Avoids specific folders
        Recycle Bin
        System Volume Information
        Windows folders
      Avoidance ensures OS and essential functions are not disrupted
    Conducts double extortion to get victims to pay ransom
      After stealing personal information and encrypting data
    If ransom isn't paid
      Releases stolen data on the dark web
    CERT-In's suggestions for Akira protection
      Maintain basic online hygiene and protection protocols
      Maintain offline backups of important data
        Ensure backups are up to date
      Regularly update operating systems and applications
      Consider virtual patching for legacy systems and networks
        Legacy systems and networks definition
          Older/outdated infrastructure still in use
        Virtual patching definition
          Applying temporary or virtual fixes to software vulnerabilities
          Done without modifying the original source code or software
      Use strong password policies and multi-factor authentication
      Avoid updates/patches from unofficial channels

In recent news, CERT-In has issued a warning to internet users against Akira attacks.

What is Akira Ransomware?

  • Akira is a computer malware, specifically a ransomware virus.
  • Ransomware is a type of malware that infects victim systems and blocks the victims from using their own data.
  • The victim can regain access only upon paying the ransom.

How does Akira Operate?

  • Akira targets Windows and Linux-based systems.
  • It accesses victims via VPN services, especially when multi-factor authentication isn’t enabled.
  • It uses tools like AnyDesk, WinRAR, and PCHunter, which are often found in the victim’s environment.

Infiltration and Encryption

  • Upon infiltrating a device, Akira deletes the Windows Shadow Volume Copies, which are backup copies of files used for emergency data restoration.
  • After deleting the Shadow Volume Copies, it becomes harder for the user to recover their files without paying the ransom.
  • It then proceeds to encrypt the user’s files by converting data into a code that can only be decrypted with a specific key, which is held by the attackers.
  • During the encryption process, Akira adds a ‘.akira’ extension to the names of all encrypted files.
  • To ensure a smooth encryption without interruptions, the ransomware stops certain active Windows services using the Windows Restart Manager API. copyright©iasexpress.net

Targets and Extortion

  • Akira targets various folders on the hard drive to encrypt files but avoids specific folders such as ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
  • After stealing personal information and encrypting the data, it conducts double extortion to get the victims to pay the ransom.
  • If the victim refuses to pay the ransom, the stolen data is released on the dark web.

Prelims Sureshots – Most Probable Topics for UPSC Prelims

A Compilation of the Most Probable Topics for UPSC Prelims, including Schemes, Freedom Fighters, Judgments, Acts, National Parks, Government Agencies, Space Missions, and more. Get a guaranteed 120+ marks!

Protective Measures Against Akira

  • Maintain basic online hygiene and protection protocols.
  • Maintain offline backups of important data and ensure that these backups are up to date.
  • Regularly update operating systems and applications.
  • Consider ‘virtual patching’ to safeguard legacy systems and networks.
  • Use strong password policies and multi-factor authentication.
  • Avoid using updates/patches available in any unofficial channel.

With Akira ransomware posing a considerable threat to both Windows and Linux-based systems, adopting preventative measures recommended by CERT-In can significantly mitigate the risk of attacks. As always, maintaining online hygiene and staying updated on system patches is essential in combating such cybersecurity threats.


Your email address will not be published. Required fields are marked *