“Government Issues Warning against Akira Ransomware Targeting Windows Users: Here’s How to Stay Safe”


Courtesy: India Today

“CERT-In Advisory: Akira Ransomware Targets Windows and Linux Systems, Encrypts Victim’s Data, and Threatens Dark Web Release if Ransom is Unpaid.”

The government is warning users about the Akira ransomware, which poses a threat to Windows and Linux systems. CERT-In has issued an advisory regarding this newly emerged internet ransomware virus. Akira operates by stealing personal information from victims and encrypting their data, then demanding a ransom. If the victim refuses to pay, the group threatens to release the data on the dark web.

The advisory states that the ransomware group gains access to victim environments through VPN services, particularly where multi-factor authentication is not enabled. During the intrusion the group uses tools such as AnyDesk, WinRAR, and PCHunter. Because these tools are commonly present on victims’ systems, their use does not raise suspicion.

Akira begins its attack by deleting Windows Volume Shadow Copies on the infected device. It then encrypts files with specific extensions and appends a ‘.akira’ extension to each encrypted file. During the encryption process, it shuts down active Windows services using the Windows Restart Manager API so that they do not interfere with encryption. Notably, Akira refrains from modifying critical Windows system files to maintain system stability.
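The sequence described above can be turned into a triage rule for defenders. The following Python code is an added example, not part of the CERT-In advisory or the original article: it flags a host when a shadow-copy deletion command is followed shortly by several new ‘.akira’ files. The event field names, the sample events and the listed deletion commands (generic, well-known ones, since the article does not name the command used) are assumptions.

```python
import re
from collections import defaultdict

# Generic, well-known shadow-copy deletion commands (assumption: the article
# does not say which command Akira runs).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))",
    re.IGNORECASE,
)

# Constructed sample telemetry; field names are hypothetical.
EVENTS = [
    {"t": 100, "host": "FS01", "type": "process", "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"t": 130, "host": "FS01", "type": "file", "path": r"D:\share\q3.xlsx.akira"},
    {"t": 131, "host": "FS01", "type": "file", "path": r"D:\share\plan.docx.AKIRA"},
    {"t": 135, "host": "FS01", "type": "file", "path": r"D:\share\hr\list.pdf.akira"},
    {"t": 140, "host": "FS01", "type": "file", "path": r"D:\share\hr\pay.csv.akira"},
    # Read-only query plus one stray file: must not be flagged.
    {"t": 200, "host": "WS07", "type": "process", "cmd": "vssadmin list shadows"},
    {"t": 210, "host": "WS07", "type": "file", "path": r"C:\Users\a\notes.akira"},
    # Deletion with no '.akira' files afterwards (e.g. admin cleanup): not flagged.
    {"t": 300, "host": "WS09", "type": "process", "cmd": "wmic shadowcopy delete"},
]

def triage(events, window=300, min_files=3):
    """Return {host: n} where n '.akira' files (n >= min_files) appeared
    within `window` seconds after a shadow-copy deletion on that host."""
    deletions, renamed = defaultdict(list), defaultdict(list)
    for e in events:
        if e["type"] == "process" and SHADOW_DELETE.search(e["cmd"]):
            deletions[e["host"]].append(e["t"])
        elif e["type"] == "file" and e["path"].lower().endswith(".akira"):
            renamed[e["host"]].append(e["t"])
    findings = {}
    for host, times in deletions.items():
        # Largest number of '.akira' files following any single deletion.
        best = max(sum(1 for ft in renamed[host] if 0 <= ft - dt <= window)
                   for dt in times)
        if best >= min_files:
            findings[host] = best
    return findings

if __name__ == "__main__":
    print(triage(EVENTS))
```

Requiring both signals together keeps routine administrative shadow-copy cleanup and a single oddly named file from raising an alert on their own.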

To safeguard against Akira, users are advised to practice basic online hygiene and protection protocols. Maintaining offline backups of important data and keeping them up-to-date is crucial to prevent data loss in case of infection. Regularly updating operating systems and applications, as well as using virtual patching to protect legacy systems and networks, are essential precautions. Implementing strong password policies, enabling multi-factor authentication, and avoiding unofficial channels for updates and patches are other measures recommended to stay safe from cyber and ransomware attacks.
