Akira ransomware, Govt. warns Windows, Linux PC users


An alarming internet ransomware virus known as 'Akira' has emerged, causing concerns among cybersecurity experts and leading the government to issue a warning. This malicious software specifically targets systems running Windows and Linux, encrypting crucial personal data and extorting money from its victims.

But what exactly is the nature of the Akira virus and how does it infiltrate software? Furthermore, what measures can be adopted to shield devices from such cyber threats?

What is the Akira ransomware?

Akira ransomware belongs to a category of malware that takes users' data hostage, blocking access until a ransom is paid to the perpetrators.

Akira Ransomware: An Overview

Akira represents a specific strain of ransomware designed to encrypt data on compromised computers and modify filenames by appending the ".akira" extension. As reported by PCRisk, upon activation, Akira also eradicates 'Windows Shadow Volume Copies' on the targeted device. Employing a dual extortion technique akin to similar malware, Akira pilfers information from victims and then threatens to expose it on the dark web unless the ransom is remitted. This approach exerts considerable pressure on victims to meet the ransom demands to safeguard their information and reputation.

How does Akira infiltrate software?

The Akira ransomware can infiltrate computer systems through various avenues, including malevolent email attachments or links, pirated software platforms, peer-to-peer networks (P2P), free file hosting websites, and third-party downloaders. Cybercriminals may also employ counterfeit software updates and Trojans to deliver the malware to unsuspecting users. Once a user unknowingly downloads and executes the malicious file, Akira proceeds to encrypt files found in diverse hard drive directories.

Interestingly, certain files seem to be exempt from encryption, including those with extensions such as .exe, .dll, .msi, .lnk, and .sys. Moreover, folders located in the Windows, System Volume Information, Recycle Bin, and Program Data directories appear to be spared. Following encryption, the malware spreads laterally to other devices and endeavors to obtain Windows domain admin credentials, facilitating the propagation of the ransomware across the network.
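For incident responders, the ".akira" marker and the exemptions described above are enough to scope which directories on a host or share were hit. The following Python sketch is an added example, not code from the article or its sources; the function names, the sample tree, and the on-disk spelling of the spared folder names are assumptions.

```python
import os
import tempfile

MARKER_EXT = ".akira"  # extension the article says is appended to encrypted files
# Extensions and folders the article reports as spared. Folder names are written as
# the article gives them (assumption: adjust to the on-disk names of your systems).
SPARED_EXTS = {".exe", ".dll", ".msi", ".lnk", ".sys"}
SPARED_DIRS = {"windows", "system volume information", "recycle bin", "program data"}

def scope_encryption(root):
    """Return {relative_dir: (marked, candidates)} for every directory under root
    that holds at least one file carrying MARKER_EXT."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune spared folders in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d.lower() not in SPARED_DIRS]
        marked = candidates = 0
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext in SPARED_EXTS:
                continue  # never a target, so it must not dilute the ratio
            candidates += 1
            marked += ext == MARKER_EXT
        if marked:
            report[os.path.relpath(dirpath, root)] = (marked, candidates)
    return report

def original_name(name):
    """Strip the marker to recover the pre-encryption filename for backup matching."""
    return name[: -len(MARKER_EXT)] if name.lower().endswith(MARKER_EXT) else name

def build_sample_tree(root):
    """Create a constructed sample tree of empty files (not real victim data)."""
    layout = {
        "Users/alice/Documents": ["budget.xlsx.akira", "notes.txt.akira", "tool.exe"],
        "Users/bob": ["photo.jpg", "cv.docx.akira"],
        "Windows/System32": ["kernel32.dll"],
        "Shared": ["readme.txt"],
    }
    for rel_dir, files in layout.items():
        os.makedirs(os.path.join(root, rel_dir), exist_ok=True)
        for name in files:
            open(os.path.join(root, rel_dir, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_dir, (marked, total) in sorted(scope_encryption(tmp).items()):
            print(f"{rel_dir}: {marked}/{total} candidate files carry {MARKER_EXT}")
```

The per-directory ratio shows where encryption completed and where it was interrupted, and the recovered original names can be matched against offline backups.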

Akira's Modus Operandi

Akira has already targeted entities like London Capital Group, an asset management firm, and the Development Bank of Southern Africa, along with numerous companies spanning various industries such as finance, education, and manufacturing. According to a report by BleepingComputer, the group behind Akira is anticipated to disclose data on dark websites, subsequently demanding ransoms ranging from $200,000 to several million dollars.

The report further clarifies that while there was a previous ransomware variant named Akira in 2017, the two are not interconnected.

Protecting Against Ransomware Infections

Prevention is paramount in guarding against ransomware and other forms of cyber attacks. Below are several steps that individuals can take to protect themselves from Akira and similar ransomware threats:

Exercise Caution with Email Attachments and Links:

Refrain from opening suspicious or unexpected email attachments or clicking on links from unfamiliar senders. Verify the legitimacy of the sender before engaging with any email content.

Only download files and applications from trusted stores and official websites. Avoid clicking on advertisements on unverified pages.

Regular Software Updates:

Keep operating systems and installed programs up to date to patch vulnerabilities that could be exploited by cybercriminals.

Employ Robust Passwords and Multi-Factor Authentication (MFA):

Implement strong password protocols and activate MFA whenever possible to enhance security.

Backup Essential Data:

Maintain offline backups of critical data and ensure they are current. This precaution prevents data loss in the event of a ransomware incident.

Report Incidents to Authorities:

If targeted by ransomware, promptly report the incident to relevant authorities. Sharing information with law enforcement agencies aids in tracking cybercrime and prosecuting culprits.

In India, the Indian Computer Emergency Response Team (CERT-In), a branch of the Department of Electronics and Information Technology under the Ministry of Communications and Information Technology, manages cases of ransomware. Serving as the central technological entity against cyber attacks, CERT-In safeguards cyberspace from phishing, hacking assaults, and similar online threats.

Author: Dr. Amar Nath Pandey, Coordinator, School of Computer Science, Nalanda Open University, Patna