The Indian government’s cybercrime unit has warned against the latest internet ransomware, Akira, which targets Windows and Linux-based systems.
Once on a computer, the malware encrypts files across the victim’s hard drive before issuing a ransom note in an attempt to extort the user.
The computer emergency response team‘s warning states that if the victim does not pay, the files remain encrypted, with the attackers further threatening to reveal the stolen personal and confidential information on the dark web.
What is Akira Ransomware?
Akira is a malware created to encrypt data on infected computer devices. Once files have been encrypted, their filename extensions are appended to include “.akira” at the end.
Akira also removes ‘Windows Shadow Volume Copies’ – backups of user files – on the affected device.
This ransomware can get into computers in many ways. Some common paths include email attachments, malicious links, pirated software websites, free file hosting sites, peer-to-peer (P2P) networks, and third-party downloaders.
Hackers may also use fake software updates and Trojans to spread the malware.
When users unintentionally download and execute the malicious file, Akira encrypts files found in different hard drive folders. The malware tends to omit some particular system files ending with .exe, .dll, .msi, .lnk, and .sys, and those placed in the Windows, System Volume Information, Recycle Bin, and Program Data folders.
Akira also attempts to spread to other network devices by attempting to gain Windows domain admin credentials.
Once files are infected and encrypted, Akira leaves a file on the infected machine, instructing the user to download a TOR browser, join a chat room, and negotiate the decryption of their files.
“In case the victim does not pay, they release their victim’s data on their dark web blog,” according to CERT-In.
Protection Methods Against Akira
Prevention is always the best way to stay protected from ransomware attacks or cybercrime. CERT-In advises internet users to maintain basic online hygiene and protection methods to keep safe from such cyber attacks.
Any internet user should, at a minimum:
- Update your operating systems and software applications regularly to prevent cyber criminals from gaining system access through vulnerable, outdated software;
- Make sure you install updates/patches from official websites or official in-built software updates;
- Create strong passwords, regularly change them, and enable multi-factor authentication (MFA) wherever possible;
- Be wary of email attachments and links, and always verify an email sender;
- Keep separate offline data backups, and back up data regularly to prevent losing recent work.
What is CERT?
CERT is an acronym for ‘Computer Emergency Response Team,’ with governments and many companies worldwide having some form of cyber-security institution.
They are formed from expert information security professionals, and when they detect a threat, the group issues an advisory to alert potential victims.
The first CERT group was formed in 1998 by the U.S. Defense Advanced Research Projects Agency and coordinated through Carnegie Mellon University’s Software Engineering Institute (SEI).
Ransomware attacks are not new to the cyber world, and this new addition to the list attacks both individuals and networks worldwide.
Cyber security measures are a must for all internet users – keep your operating systems and software up-to-date, exercise extreme caution with password management, and be alert to suspicious attachments, links, and files at all times.