Understand the New Devastating Akira Ransomware

The Akira Ransomware

The Indian Computer Emergency Response Team (CERT-In) has issued an alert for the Akira ransomware.

Akira ransomware poses a significant threat to both Windows and Linux systems and targets organizations of all sizes. This strain employs a double-extortion technique: it encrypts the victim's data and demands a ransom for its release, while also threatening to publish the stolen data if the ransom is not paid.

Akira Ransomware Overview

| Particulars | Details |
| --- | --- |
| Name | Akira Ransomware |
| Targets | Windows and Linux-based systems |
| Extortion Type | Double Extortion |
| Infection Mode | Via VPN services; misused tools such as AnyDesk, WinRAR, PCHunter |
| Extortion Mechanism | Encrypt victim's data, demand ransom, threaten to release data on the dark web |

Spread through spear phishing emails and drive-by-download attacks, Akira can have devastating consequences, including loss of data and reputation, operational disruption, and financial damage.

This article aims to provide valuable insights into the Akira ransomware, its infection methods, and essential protection measures that organizations should adopt to safeguard against this growing cyber threat.

Key Takeaways

  • Akira is a new family of ransomware that targets both Windows and Linux-based systems.
  • Akira uses a double-extortion technique to increase the chances of extracting money.
  • Protection measures against Akira attacks include maintaining up-to-date offline backups, regularly updating operating systems and networks, implementing email validation protocols, enforcing strong password policies, and enabling multi-factor authentication.
  • Additional protection measures against Akira attacks include implementing data encryption, blocking specific attachment file types, avoiding clicking on suspicious links, and conducting regular security audits.

What is Akira?

Akira is a newly identified ransomware family that targets both Windows and Linux-based systems. It employs a double-extortion technique to encrypt personal data and extort money from victims, particularly impacting small to medium-scale businesses.

This ransomware has gained attention due to its ability to steal sensitive information and its disruptive impact on targeted organizations. It spreads through various channels, including spear phishing emails with malicious attachments, drive-by-download attacks, and insecure Remote Desktop connections.

To protect against Akira attacks, organizations are advised to implement measures such as maintaining up-to-date offline backups, regularly updating operating systems and networks, enforcing strong password policies, and enabling multi-factor authentication.

Additional protection measures include implementing data-at-rest and data-in-transit encryption, blocking attachment file types with specific extensions, and conducting regular security audits.

Figure: Akira ransomware mechanism

Infection Methods

Akira Ransomware Infection Mechanism

| Step | Description |
| --- | --- |
| Step 1 | Execution of the Akira ransomware sample |
| Step 2 | Deletion of Windows Shadow Volume Copies |
| Step 3 | Encryption of files with predefined extensions; '.akira' is appended to file names |
| Step 4 | Termination of active Windows services using the Restart Manager API |
| Step 5 | Encryption of files in hard drive folders, excluding some system folders |

Akira is spread through spear phishing emails with malicious attachments, typically archive files such as zip or rar that carry the malicious code. Packaging the payload inside an archive disguises it as a seemingly harmless file and increases the likelihood of a successful infection.

In addition, Akira can also be downloaded unintentionally through drive-by-download attacks, where users unknowingly visit compromised websites that automatically initiate the download of the ransomware. Specially crafted web links in emails can also lead to the download of malicious code.

It has also been reported that Akira spreads through insecure Remote Desktop connections, highlighting the importance of securing remote access systems.

File types not modified by Akira Ransomware

| File Type | Extension |
| --- | --- |
| System files | .sys |
| Windows installer package | .msi |
| Dynamic-link library files | .dll |
| Shortcut files | .lnk |
| Executable files | .exe |
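The infection steps and the untouched-extension list above translate directly into triage logic a defender can run during an incident. The following Python is an added example, not code from CERT-In or from this article: it flags shadow-copy deletion in process-creation log lines and classifies file names into encrypted (.akira), exempt by extension, and other, so the original file types behind the appended suffix can be counted before restoring from backups. The log format (timestamp, user, command line) and the sample data are constructed; the advisory does not name the exact command Akira issues to delete shadow copies, so the vssadmin and wmic patterns are an assumption based on the common forms of that command.

```python
"""Triage helpers for the Akira infection steps and exempt extensions.

Added example (not the advisory's or the article's code). Assumes a simple
"timestamp user command" log line format; the shadow-copy deletion patterns
are an assumption, since the advisory names no specific command.
"""
import os
import re
from collections import Counter

# Extensions the article lists as left untouched by Akira.
UNTOUCHED_EXTENSIONS = {".sys", ".msi", ".dll", ".lnk", ".exe"}
AKIRA_EXTENSION = ".akira"

# Assumed command-line forms of shadow-copy deletion (case-insensitive).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
]

def find_shadow_copy_deletions(log_lines):
    """Return the log lines whose command field matches a shadow-copy deletion."""
    hits = []
    for line in log_lines:
        if any(p.search(line) for p in SHADOW_DELETE_PATTERNS):
            hits.append(line.strip())
    return hits

def classify_filenames(names):
    """Split file names into encrypted (.akira), exempt-by-extension, and other.

    Works on bare names so the caller can feed os.walk output or a file listing
    taken from a backup catalogue.
    """
    result = {"encrypted": [], "exempt": [], "other": []}
    for name in names:
        lower = name.lower()
        if lower.endswith(AKIRA_EXTENSION):
            result["encrypted"].append(name)
        elif os.path.splitext(lower)[1] in UNTOUCHED_EXTENSIONS:
            result["exempt"].append(name)
        else:
            result["other"].append(name)
    return result

def original_extensions(encrypted_names):
    """Count the original extensions hidden behind the appended '.akira' suffix.

    'report.docx.akira' -> '.docx'. This estimates which data types were hit.
    """
    counts = Counter()
    for name in encrypted_names:
        stem = name[: -len(AKIRA_EXTENSION)]
        counts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
    return counts

def scan_tree(root):
    """Walk a directory tree and classify every file name found in it."""
    names = []
    for _, _, files in os.walk(root):
        names.extend(files)
    return classify_filenames(names)

# Constructed sample data (not real telemetry)
SAMPLE_LOG = [
    "2023-07-25T09:12:01Z corp\\svc-backup C:\\Windows\\System32\\svchost.exe -k netsvcs",
    "2023-07-25T09:14:33Z corp\\jdoe vssadmin.exe delete shadows /all /quiet",
    "2023-07-25T09:14:40Z corp\\jdoe C:\\Windows\\System32\\wbem\\WMIC.exe shadowcopy delete",
    "2023-07-25T09:15:02Z corp\\jdoe notepad.exe C:\\Users\\jdoe\\notes.txt",
]
SAMPLE_FILES = [
    "report.docx.akira", "budget.xlsx.akira", "photo.jpg.akira",
    "ntoskrnl.sys", "setup.msi", "kernel32.dll", "Word.lnk", "calc.exe",
    "readme.txt",
]

if __name__ == "__main__":
    for hit in find_shadow_copy_deletions(SAMPLE_LOG):
        print("ALERT shadow-copy deletion:", hit)
    summary = classify_filenames(SAMPLE_FILES)
    print("encrypted:", len(summary["encrypted"]), "exempt:", len(summary["exempt"]))
    print("original types:", dict(original_extensions(summary["encrypted"])))
```

Shadow-copy deletion is a strong early signal because it precedes encryption in the step list above; alerting on it gives responders a window before '.akira' files appear. The classifier is deliberately name-based so it can run against a read-only backup listing without touching the compromised host.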

Protection Measures

CERT-In has recommended that users follow basic internet hygiene and protection protocols. To strengthen their defences against ransomware attacks, organizations should prioritize the following protection measures:

  • Maintaining up-to-date offline backups and regularly updating operating systems and networks.
  • Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC), Domain Keys Identified Mail (DKIM), and Sender Policy Framework (SPF) for email validation.
  • Enforcing strong password policies and multi-factor authentication (MFA).
  • Establishing a strict external device usage policy and implementing data-at-rest and data-in-transit encryption.
  • Blocking attachment file types with extensions such as .exe, .pif, or .url to prevent unintentional downloads of malicious code.
  • Avoiding clicking on suspicious links and conducting regular security audits, especially for database servers.

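Two of the listed controls, the attachment block list and the email validation records, can be checked in code. The following Python is an added example and is not code from CERT-In or this article. It implements a mail-gateway style attachment filter that also looks inside zip archives (the carrier the infection section names) and a grader for the SPF and DMARC TXT records a sending domain publishes. The sample attachment and DNS record strings are constructed, nothing is fetched from the network, and any block-list extension beyond the .exe, .pif and .url named above is this example's assumption.

```python
"""Attachment filtering and SPF/DMARC record checks.

Added example (not CERT-In's or the article's code). Block-list entries other
than .exe, .pif and .url are assumptions; sample data is constructed.
"""
import io
import zipfile

# Extensions named in the article plus assumed common script/shortcut carriers.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".url", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk"}
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}

def _ext(name):
    """Lower-case extension of the last path component, '' if there is none."""
    name = name.lower().rsplit("/", 1)[-1]
    return name[name.rfind("."):] if "." in name else ""

def inspect_attachment(filename, data):
    """Return (verdict, reasons) for one attachment: 'block', 'quarantine' or 'allow'.

    Zip members are checked by name. Encrypted members and nested archives are
    quarantined for manual review because their contents cannot be inspected;
    .rar and .7z are quarantined because this example cannot open them.
    """
    reasons = []
    ext = _ext(filename)
    if ext in BLOCKED_EXTENSIONS:
        return "block", [f"blocked extension {ext}"]
    if ext not in ARCHIVE_EXTENSIONS:
        return "allow", []
    if ext != ".zip":
        return "quarantine", [f"cannot inspect {ext} archive"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member_ext = _ext(info.filename)
                if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                    reasons.append(f"encrypted member {info.filename}")
                elif member_ext in BLOCKED_EXTENSIONS:
                    return "block", [f"archive contains {info.filename}"]
                elif member_ext in ARCHIVE_EXTENSIONS:
                    reasons.append(f"nested archive {info.filename}")
    except zipfile.BadZipFile:
        return "quarantine", ["malformed zip"]
    return ("quarantine", reasons) if reasons else ("allow", [])

def check_email_auth_records(spf_txt, dmarc_txt):
    """Grade a domain's SPF and DMARC TXT records; an empty list means both enforce."""
    findings = []
    if not spf_txt or not spf_txt.lower().startswith("v=spf1"):
        findings.append("no SPF record")
    elif spf_txt.split()[-1] not in ("-all", "~all"):
        findings.append("SPF does not end in -all or ~all (fails open)")
    if not dmarc_txt or not dmarc_txt.lower().startswith("v=dmarc1"):
        findings.append("no DMARC record")
    else:
        tags = dict(t.strip().split("=", 1) for t in dmarc_txt.split(";") if "=" in t)
        if tags.get("p", "none").strip().lower() == "none":
            findings.append("DMARC policy is p=none (monitor only)")
    return findings

def build_sample_zip(members):
    """Create an in-memory zip from {name: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples (no real malware, no real domains)
INVOICE_ZIP = build_sample_zip({"invoice.pdf": b"%PDF-1.4 ...", "invoice.pdf.exe": b"MZ..."})
CLEAN_ZIP = build_sample_zip({"report.docx": b"PK..."})
SAMPLE_SPF = "v=spf1 include:_spf.example.net ~all"
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.net"

if __name__ == "__main__":
    print(inspect_attachment("invoice.zip", INVOICE_ZIP))
    print(inspect_attachment("report.zip", CLEAN_ZIP))
    print(check_email_auth_records(SAMPLE_SPF, SAMPLE_DMARC))
```

The double extension in the constructed invoice.pdf.exe is why the filter checks every archive member rather than the outer file name only. A DMARC record with p=none only reports; spoofed mail still reaches inboxes until the policy is moved to quarantine or reject.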
By implementing these protection measures, organizations can significantly reduce their vulnerability to Akira ransomware attacks.

UCN Team

UCN Team: Combining expertise in UPSC Exams and Tech to deliver high-resolution, insightful content for aspiring civil servants