Register For UPSC IAS New Batch

Akira ransomware

For Latest Updates, Current Affairs & Knowledgeable Content.

Akira ransomware

Why in news:

  • The Computer Emergency Response Team of India issued an alert for the ransomware dubbed “Akira.”
  • The ransomware, found to target both Windows and Linux devices, steals and encrypts data, forcing victims to pay double ransom for decryption and recovery.

What is the Akira ransomware?

  • The Akira ransomware is designed to encrypt data, create a ransomware note and delete Windows Shadow Volume copies on affected devices.
  • The ransomware gets its name due to its ability to modify filenames of all encrypted files by appending them with the “.akira”
  • The ransomware is designed to close processes or shut down Windows services that may keep it from encrypting files on the affected system.
  • It uses VPN services, especially when users have not enabled two­factor authentication, to trick users into downloading malicious files.

How does Akira ransomware work?

  • The ransomware also terminates active Windows services using the Windows Restart Manager API, preventing any interference with the encryption process.
  • It is designed to not encrypt Program Data, Recycle Bin, Boot, System Volume information, and other folders instrumental in system stability.

How does ransomware infect devices?

  • Ransomware is typically spread through spear phishing emails that contain malicious attachments in the form of archived content (zip/rar) files.
  • Other methods used to infect devices include drive­by­download, a cyber­attack that unintentionally downloads malicious code onto a device, and specially crafted web links in emails, clicking on which downloads malicious code.
  • The ransomware reportedly also spreads through insecure Remote Desktop connections.

What can users do to protect against ransomware?

  • CERT­In has advised users to follow basic internet hygiene and protection protocols to ensure their security against ransomware.
  • These include maintaining up to date offline backups of critical data, to prevent data loss in the event of an attack.
  • Additionally, users are advised to ensure all operating systems and networks are updated regularly, with virtual patching for legacy systems and networks.
  • Companies must also establish Domain­based Message Authentication, Reporting, and Conformance, Domain Keys Identified Mail (DKIM), and Sender policy for organisational email validation, which prevents spam by detecting email spoofing. Strong password policies and multi­factor authentication (MFA) must be enforced.

Syllabus: Prelims

Any Doubts ? Connect With Us.

Join Our Channels

For Latest Updates & Daily Current Affairs

Related Links

Connect With US Socially

Request Callback

Fill out the form, and we will be in touch shortly.

Call Now Button