Akira ransomware

Why in news:

  • The Indian Computer Emergency Response Team (CERT-In) issued an alert for the ransomware dubbed “Akira.”
  • The ransomware, found to target both Windows and Linux devices, first steals data and then encrypts it, pressuring victims into paying a double ransom: one for decryption and one for recovery of the stolen data.

What is the Akira ransomware?

  • The Akira ransomware is designed to encrypt data, drop a ransom note and delete Windows Shadow Volume copies on affected devices, so that victims cannot simply restore files from local snapshots.
  • The ransomware gets its name from the “.akira” extension it appends to the name of every file it encrypts.
  • The ransomware is designed to close processes or shut down Windows services that might otherwise keep it from encrypting files on the affected system.
  • It has also used VPN services, especially where users have not enabled two-factor authentication, to trick users into downloading malicious files.

How does Akira ransomware work?

  • The ransomware terminates active Windows services using the Windows Restart Manager API, so that no running service can interfere with the encryption process.
  • It is designed not to encrypt Program Data, Recycle Bin, Boot, System Volume Information and other folders that are essential to system stability, which keeps the machine bootable so the victim can read the ransom note and pay.
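A defender-side illustration of two behaviours described above, appending “.akira” to encrypted file names and deleting Shadow Volume copies, written as example detection logic over file-system audit lines; this is added here and is not code from CERT-In or the original article. The audit-line format and all sample lines are constructed, and the `vssadmin` command line is assumed as one example of a shadow-copy deletion.

```python
import re
from datetime import datetime, timedelta
# Constructed sample audit lines (hypothetical "<ISO time> <KIND> <detail>" format, not real
# Akira telemetry): shadow-copy deletion, then five files get ".akira" appended; one .bak decoy.
SAMPLE_EVENTS = """\
2023-07-24T10:00:00 PROCESS vssadmin.exe delete shadows /all /quiet
2023-07-24T10:00:01 RENAME C:\\Users\\a\\report.docx -> C:\\Users\\a\\report.docx.akira
2023-07-24T10:00:01 RENAME C:\\Users\\a\\budget.xlsx -> C:\\Users\\a\\budget.xlsx.akira
2023-07-24T10:00:02 RENAME C:\\Users\\a\\old.log -> C:\\Users\\a\\old.log.bak
2023-07-24T10:00:02 RENAME C:\\Users\\a\\notes.txt -> C:\\Users\\a\\notes.txt.akira
2023-07-24T10:00:03 RENAME C:\\Users\\a\\photo.jpg -> C:\\Users\\a\\photo.jpg.akira
2023-07-24T10:00:04 RENAME C:\\Users\\a\\thesis.pdf -> C:\\Users\\a\\thesis.pdf.akira
"""
LINE_RE = re.compile(r"^(\S+) (RENAME|PROCESS) (.*)$")
RENAME_RE = re.compile(r"^(.*) -> (.*)$")

def parse_events(text):
    """Parse audit lines into (timestamp, kind, detail); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events

def akira_renames(events):
    """Timestamps of renames where the new name is exactly the old name plus '.akira'."""
    hits = []
    for ts, kind, detail in events:
        m = RENAME_RE.match(detail) if kind == "RENAME" else None
        if m and m.group(2).lower() == m.group(1).lower() + ".akira":
            hits.append(ts)
    return hits

def rename_burst(timestamps, threshold=5, window=timedelta(seconds=60)):
    """True if at least `threshold` '.akira' renames fall inside one sliding time window."""
    ts, start = sorted(timestamps), 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False

def shadow_copy_deletion(events):
    """True if a process event looks like shadow-copy deletion (the backup-killing step)."""
    return any(k == "PROCESS" and "delete shadows" in d.lower() for _, k, d in events)
```

Either indicator alone is worth an alert; a rename burst following shadow-copy deletion is the sequence to isolate a host on.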

How does ransomware infect devices?

  • Ransomware is typically spread through spear-phishing emails that carry malicious attachments in the form of archived (zip/rar) files.
  • Other infection methods include drive-by downloads, in which malicious code is downloaded onto a device without the user intending it, and specially crafted web links in emails that download malicious code when clicked.
  • The ransomware reportedly also spreads through insecure Remote Desktop connections.

What can users do to protect against ransomware?

  • CERT-In has advised users to follow basic internet hygiene and protection practices to guard against ransomware.
  • These include maintaining up-to-date offline backups of critical data, so that files can be restored without paying if an attack succeeds.
  • Additionally, users are advised to keep all operating systems and networks updated regularly, with virtual patching for legacy systems and networks that cannot be patched directly.
  • Companies must also set up Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) for organisational email validation, which limits spam by detecting email spoofing. Strong password policies and multi-factor authentication (MFA) must be enforced.

Syllabus: Prelims
