Understand the New Devastating Akira Ransomware
The Akira Ransomware
The Indian Computer Emergency Response Team (CERT-In) has issued an alert for the Akira ransomware.
Akira ransomware poses a significant threat to both Windows and Linux systems, targeting organizations of all sizes. This dangerous strain of malware employs a double-extortion technique, encrypting personal data and demanding a ransom for its release.
Akira Ransomware Overview
Particulars | Details |
---|---|
Name | Akira Ransomware |
Targets | Windows and Linux-based systems |
Extortion Type | Double Extortion |
Infection Mode | Via VPN services; abuse of legitimate tools such as AnyDesk, WinRAR and PCHunter |
Extortion Mechanism | Encrypts the victim’s data, demands a ransom, and threatens to release the data on the dark web |
Spread through spear phishing emails and drive-by-download attacks, Akira can cause devastating consequences, including data and reputation loss, operational disruptions, and financial damages.
This article aims to provide valuable insights into the Akira ransomware, its infection methods, and essential protection measures that organizations should adopt to safeguard against this growing cyber threat.
Key Takeaways
- Akira is a new family of ransomware that targets both Windows and Linux-based systems.
- Akira uses a double-extortion technique to increase the chances of extracting money.
- Protection measures against Akira attacks include maintaining up-to-date offline backups, regularly updating operating systems and networks, implementing email validation protocols, enforcing strong password policies, and enabling multi-factor authentication.
- Additional protection measures against Akira attacks include implementing data encryption, blocking specific attachment file types, avoiding clicking on suspicious links, and conducting regular security audits.
What is Akira?
Akira is a newly identified ransomware family that targets both Windows and Linux-based systems. It employs a double-extortion technique to encrypt personal data and extort money from victims, particularly impacting small to medium-scale businesses.
This ransomware has gained attention due to its ability to steal sensitive information and its disruptive impact on targeted organizations. It spreads through various channels, including spear phishing emails with malicious attachments, drive-by-download attacks, and insecure Remote Desktop connections.
To protect against Akira attacks, organizations are advised to implement measures such as maintaining up-to-date offline backups, regularly updating operating systems and networks, enforcing strong password policies, and enabling multi-factor authentication.
Additional protection measures include implementing data-at-rest and data-in-transit encryption, blocking attachment file types with specific extensions, and conducting regular security audits.
Infection Methods
Akira Ransomware Infection Mechanism
Steps | Description |
---|---|
Step 1 | Execution of Akira ransomware sample |
Step 2 | Deletion of Windows Shadow Volume Copies |
Step 3 | Encryption of files with predefined extensions, appending ‘.akira’ to file names |
Step 4 | Termination of active Windows services using Restart Manager API |
Step 5 | Encryption of files in hard drive folders, exclusion of some system folders |
Akira is spread through spear phishing emails with malicious attachments; the payload arrives inside archived content files such as zip or rar. Packing the malicious code in seemingly harmless archives disguises it and increases the likelihood of a successful infection.
In addition, Akira can also be downloaded unintentionally through drive-by-download attacks, where users unknowingly visit compromised websites that automatically initiate the download of the ransomware. Specially crafted web links in emails can also lead to the download of malicious code.
It has also been reported that Akira spreads through insecure Remote Desktop connections, highlighting the importance of securing remote access systems.
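The infection steps in the table above leave two observable traces on a Windows host: a process that deletes shadow volume copies, and a burst of files renamed with the ‘.akira’ suffix. The following detection logic is an added example written for this article, not code from CERT-In or the article’s author. It assumes telemetry has already been parsed into event dicts (for instance from Sysmon process-creation and file-rename records, a constructed shape here), and the shadow-copy deletion patterns it matches are the generic, widely documented ones rather than Akira-specific indicators.

```python
"""Detection logic for the Akira infection steps listed above.

Added example, not from the CERT-In advisory or the article. Assumptions:
events are already parsed into dicts (e.g. from Sysmon process-creation and
file-rename telemetry); the shadow-copy deletion command patterns are the
generic, widely documented ones, not Akira-specific indicators.
"""
import re
from collections import Counter

# Generic shadow-copy deletion patterns (assumed; a common ransomware precursor).
SHADOW_COPY_DELETION = [
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I),
    re.compile(r"Win32_ShadowCopy.*\.Delete\(\)", re.I),
]
RANSOM_EXTENSION = ".akira"   # suffix the advisory says Akira appends
RENAME_THRESHOLD = 20         # renames per host before alerting (tunable)


def is_shadow_copy_deletion(command_line):
    """True if a process command line matches a shadow-copy deletion pattern."""
    return any(p.search(command_line) for p in SHADOW_COPY_DELETION)


def analyze_events(events):
    """Return alert dicts for shadow-copy deletion and mass '.akira' renames.

    Event shapes (constructed for this example):
      {"type": "process", "host": ..., "user": ..., "cmd": ...}
      {"type": "rename",  "host": ..., "src": ..., "dst": ...}
    """
    alerts = []
    renames_per_host = Counter()
    for ev in events:
        if ev["type"] == "process" and is_shadow_copy_deletion(ev["cmd"]):
            alerts.append({"host": ev["host"], "rule": "shadow_copy_deletion",
                           "detail": f'{ev["user"]}: {ev["cmd"]}'})
        elif ev["type"] == "rename" and ev["dst"].lower().endswith(RANSOM_EXTENSION):
            renames_per_host[ev["host"]] += 1
    # A single rename is noise; a burst on one host is the encryption step.
    for host, count in renames_per_host.items():
        if count >= RENAME_THRESHOLD:
            alerts.append({"host": host, "rule": "mass_akira_rename",
                           "detail": f"{count} files renamed to *{RANSOM_EXTENSION}"})
    return alerts


# Constructed sample telemetry: one deletion per host, one benign admin query,
# a rename burst on WS-17 and a lone rename on WS-22.
SAMPLE_EVENTS = (
    [{"type": "process", "host": "WS-17", "user": "CORP\\jdoe",
      "cmd": "vssadmin.exe delete shadows /all /quiet"},
     {"type": "process", "host": "WS-17", "user": "CORP\\jdoe",
      "cmd": "vssadmin.exe list shadows"},          # benign, must not alert
     {"type": "process", "host": "WS-22", "user": "CORP\\svc_backup",
      "cmd": "wmic shadowcopy delete"}]
    + [{"type": "rename", "host": "WS-17", "src": f"D:\\share\\doc{i}.docx",
        "dst": f"D:\\share\\doc{i}.docx.akira"} for i in range(25)]
    + [{"type": "rename", "host": "WS-22", "src": "C:\\tmp\\a.txt",
        "dst": "C:\\tmp\\a.txt.akira"}]
)

if __name__ == "__main__":
    for alert in analyze_events(SAMPLE_EVENTS):
        print(alert)
```

The threshold and the time window (here, the whole event list) are the tuning points: legitimate tooling never renames twenty documents to ‘.akira’, so the rename rule is high-confidence, while the shadow-copy rule should be paired with the user and host context in the alert so that scheduled backup jobs can be excluded.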
File types not modified by Akira Ransomware
File Type | Extension |
---|---|
System files | .sys |
Windows installer package | .msi |
Dynamic-link library files | .dll |
Shortcut files | .lnk |
Executable files | .exe |
Protection Measures
CERT-In has recommended that users follow basic internet hygiene and protection protocols. To enhance security against ransomware attacks, organizations should prioritize the implementation of robust protection measures. These measures include:
- Maintaining up-to-date offline backups and regularly updating operating systems and networks.
- Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) for email validation.
- Enforcing strong password policies and multi-factor authentication (MFA).
- Establishing a strict external device usage policy and implementing data-at-rest and data-in-transit encryption.
- Blocking attachment file types with extensions such as .exe, .pif, or .url to prevent unintentional downloads of malicious code.
- Avoiding clicking on suspicious links and conducting regular security audits, especially for database servers.
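Publishing SPF and DMARC records is only half of the email-validation measure above; a record that ends in `+all` or sets `p=none` validates nothing. The checker below is an added example written for this article (not CERT-In’s or the author’s code) that parses the two record formats and reports whether a domain is actually enforcing. The record strings are constructed; in production they would be fetched as TXT records for the domain and for `_dmarc.<domain>` with a DNS resolver, which is not shown. DKIM, being a per-message signature check against a selector’s public key, is out of scope here.

```python
"""Check SPF and DMARC records for enforcement (added example, not from the advisory).

Records are constructed strings; in production you would fetch the TXT records
for the domain and _dmarc.<domain> with a DNS resolver (not shown). DKIM is a
per-message signature check against a selector's public key and is out of scope.
"""


def parse_spf(record):
    """Return (mechanisms, all_qualifier) for a 'v=spf1' record, else None.

    all_qualifier is '+', '-', '~', '?' or None when no 'all' term exists.
    """
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    mechanisms, all_qualifier = [], None
    for term in terms[1:]:
        lowered = term.lower()
        if lowered.lstrip("+-~?") == "all":
            all_qualifier = lowered[0] if lowered[0] in "+-~?" else "+"
        else:
            mechanisms.append(term)
    return mechanisms, all_qualifier


def parse_dmarc(record):
    """Return a tag->value dict for a 'v=DMARC1' record, else None."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def assess_domain(spf_record, dmarc_record):
    """Return (enforcing, findings).

    enforcing is True only when SPF ends in '-all' or '~all' and DMARC is
    p=quarantine or p=reject applied to 100% of mail; findings list the gaps.
    """
    findings = []
    spf = parse_spf(spf_record) if spf_record else None
    if spf is None:
        findings.append("SPF: no valid v=spf1 record")
        spf_ok = False
    else:
        _, qualifier = spf
        spf_ok = qualifier in ("-", "~")
        if qualifier in (None, "+"):
            findings.append("SPF: no restrictive 'all' term, any host may send as this domain")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral and enforces nothing")
        elif qualifier == "~":
            findings.append("SPF: '~all' is softfail only; relies on DMARC to reject")

    dmarc = parse_dmarc(dmarc_record) if dmarc_record else None
    if dmarc is None:
        findings.append("DMARC: no valid v=DMARC1 record")
        dmarc_ok = False
    else:
        policy = dmarc.get("p", "none").lower()
        try:
            pct = int(dmarc.get("pct", "100"))
        except ValueError:
            pct = 0
        dmarc_ok = policy in ("quarantine", "reject") and pct == 100
        if policy == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        elif pct < 100:
            findings.append(f"DMARC: policy applied to only {pct}% of messages")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, aggregate reports will not arrive")
        if dmarc.get("sp", policy).lower() == "none" and policy != "none":
            findings.append("DMARC: sp=none leaves subdomains unprotected")
    return spf_ok and dmarc_ok, findings


if __name__ == "__main__":
    # Constructed records for a weak and a correctly configured domain.
    weak = assess_domain("v=spf1 include:_spf.example.net +all",
                         "v=DMARC1; p=none; rua=mailto:dmarc@example.com")
    strong = assess_domain("v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
                           "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s")
    print("weak:", weak)
    print("strong:", strong)
```

A typical rollout moves from `p=none` with `rua=` reporting, to `p=quarantine` with a rising `pct=`, to `p=reject` at 100%; the checker treats anything short of the last step as not enforcing so that the intermediate states are visible rather than silently accepted.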
By implementing these protection measures, organizations can significantly reduce their vulnerability to Akira ransomware attacks.
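The attachment-blocking measure above is only effective if the filter also looks inside the zip archives the article says Akira arrives in. The gateway policy below is an added example written for this article, not code from CERT-In or the author. It blocks the extensions named in the list (.exe, .pif, .url), applies the same rule to every entry of a zip attachment using the standard library, and quarantines what it cannot judge: RAR files (assumed to have no reader available), corrupt archives, nested archives and password-protected zips, whose entry names remain readable even though their contents do not. Sample attachments are constructed in memory.

```python
"""Attachment policy for a mail gateway (added example, not from the advisory).

Blocks the extensions the advisory names (.exe, .pif, .url) and, because the
advisory says Akira arrives inside zip or rar archives, lists the contents of
zip attachments and applies the same rule to each entry. Assumptions: RAR is
not inspected (no reader in the standard library) and is quarantined instead;
password-protected zips, whose entry names are still readable, are quarantined.
"""
import io
import zipfile
from pathlib import PurePosixPath

BLOCKED_EXTENSIONS = {".exe", ".pif", ".url"}   # from the advisory's list
UNSCANNABLE_ARCHIVES = {".rar"}                 # assumed: no RAR reader available
ZIP_ENCRYPTED_FLAG = 0x1                        # general-purpose bit 0 of a zip entry


def suffix_of(filename):
    """Last extension, lower-cased, ignoring trailing dots/spaces some clients strip."""
    return PurePosixPath(filename.strip().rstrip(". ").lower()).suffix


def blocked_reason(filename):
    """Reason string if the name is blocked, else None. Catches 'invoice.pdf.exe'."""
    suffix = suffix_of(filename)
    return f"blocked extension {suffix}" if suffix in BLOCKED_EXTENSIONS else None


def inspect_attachment(filename, data):
    """Return ('allow' | 'block' | 'quarantine', [reasons]) for one attachment."""
    reason = blocked_reason(filename)
    if reason:
        return "block", [reason]
    suffix = suffix_of(filename)
    if suffix in UNSCANNABLE_ARCHIVES:
        return "quarantine", ["archive type not inspected"]
    if suffix != ".zip":
        return "allow", []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = [e for e in zf.infolist() if not e.is_dir()]
    except zipfile.BadZipFile:
        return "quarantine", ["corrupt or non-zip data with .zip name"]
    blocked = [f"{e.filename}: {blocked_reason(e.filename)}"
               for e in entries if blocked_reason(e.filename)]
    if blocked:
        return "block", blocked
    quarantine = [f"{e.filename}: password-protected entry"
                  for e in entries if e.flag_bits & ZIP_ENCRYPTED_FLAG]
    quarantine += [f"{e.filename}: nested archive"
                   for e in entries if suffix_of(e.filename) in {".zip"} | UNSCANNABLE_ARCHIVES]
    if quarantine:
        return "quarantine", quarantine
    return "allow", []


def make_zip(entries):
    """Build a zip in memory from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample attachments covering each decision path.
    samples = {
        "report.pdf": b"%PDF-1.4 constructed",
        "invoice.pdf.exe": b"MZ constructed",
        "tracker.url": b"[InternetShortcut]",
        "docs.zip": make_zip({"docs/readme.txt": b"hello", "docs/setup.exe": b"MZ"}),
        "clean.zip": make_zip({"readme.txt": b"hello"}),
        "nested.zip": make_zip({"inner.zip": make_zip({"x.txt": b"y"})}),
        "archive.rar": b"Rar! constructed",
        "bad.zip": b"not a zip",
    }
    for name, data in samples.items():
        print(name, inspect_attachment(name, data))
```

Judging by file name is deliberately conservative: it cannot tell a renamed executable from a document, so in practice the gateway pairs this policy with content-type detection, and the quarantine outcome exists precisely so that anything the filter cannot inspect is held for review rather than delivered.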