Why in news:
- The Computer Emergency Response Team of India issued an alert for the ransomware dubbed “Akira.”
- The ransomware, found to target both Windows and Linux devices, steals and encrypts data, forcing victims to pay double ransom for decryption and recovery.
What is the Akira ransomware?
- The Akira ransomware is designed to encrypt data, create a ransomware note and delete Windows Shadow Volume copies on affected devices.
- The ransomware gets its name due to its ability to modify filenames of all encrypted files by appending them with the “.akira”
- The ransomware is designed to close processes or shut down Windows services that may keep it from encrypting files on the affected system.
- It uses VPN services, especially when users have not enabled twofactor authentication, to trick users into downloading malicious files.
How does Akira ransomware work?
- The ransomware also terminates active Windows services using the Windows Restart Manager API, preventing any interference with the encryption process.
- It is designed to not encrypt Program Data, Recycle Bin, Boot, System Volume information, and other folders instrumental in system stability.
How does ransomware infect devices?
- Ransomware is typically spread through spear phishing emails that contain malicious attachments in the form of archived content (zip/rar) files.
- Other methods used to infect devices include drivebydownload, a cyberattack that unintentionally downloads malicious code onto a device, and specially crafted web links in emails, clicking on which downloads malicious code.
- The ransomware reportedly also spreads through insecure Remote Desktop connections.
What can users do to protect against ransomware?
- CERTIn has advised users to follow basic internet hygiene and protection protocols to ensure their security against ransomware.
- These include maintaining up to date offline backups of critical data, to prevent data loss in the event of an attack.
- Additionally, users are advised to ensure all operating systems and networks are updated regularly, with virtual patching for legacy systems and networks.
- Companies must also establish Domainbased Message Authentication, Reporting, and Conformance, Domain Keys Identified Mail (DKIM), and Sender policy for organisational email validation, which prevents spam by detecting email spoofing. Strong password policies and multifactor authentication (MFA) must be enforced.