Optimize IAS

    Akira Ransomware

    • August 1, 2023
    • Posted by: OptimizeIAS Team
    • Category: DPN Topics

    Subject : Science and technology

    Section: Awareness in IT

    Context:

    The Computer Emergency Response Team of India has issued an alert for the ransomware dubbed “Akira.”

    What is Ransomware?

    Ransomware is malicious software that encrypts a victim’s files or computer system and demands a ransom for decryption.

    Example: WannaCry, a widespread ransomware attack that occurred in 2017 and affected hundreds of thousands of computers worldwide.

    What is Akira Ransomware?

    • Targets both Windows and Linux devices
    • Forces victims to pay a double ransom for decryption and recovery
    • Designed to encrypt data, create a ransom note and delete Windows Shadow Volume copies on affected devices
    • Modifies file names with the ‘.akira’ extension
    • Closes processes on the system that may keep it from encrypting files
    • Uses VPN services

    What is the Volume Shadow Copy Service (VSS)?

    • The Volume Shadow Copy Service (VSS) can create backup copies or snapshots of computer files or volumes, even when they are in use.

    How does Akira ransomware work?

    1. Terminates active Windows services to prevent any interference with the encryption process.
    2. Does not encrypt system files and components essential for the stability of the system.
    3. Once sensitive data is stolen, leaves behind a note containing:
      1. Information about the attack
      2. A link to the leak and negotiation site
    4. Each victim is given a unique negotiation password to be entered into the threat actor’s Tor site to negotiate with the ransomware gang.
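
A defender can turn the behaviours listed above into a host-level alert: a burst of files renamed to ‘.akira’, scored higher when service stops or shadow copy deletion are seen close by. This is an added example, not part of the original notes; the event schema, event type names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed correlation window
RENAME_THRESHOLD = 5            # assumed burst size worth an alert
SUPPORTING = {"shadow_copy_deleted", "service_stopped"}  # hypothetical event names

def _renames(host, start, n, step):
    """Build n constructed rename events, `step` seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [((t0 + timedelta(seconds=i * step)).isoformat(), host,
             "file_rename", rf"C:\data\file{i}.docx.akira") for i in range(n)]

# Constructed sample telemetry: (ISO timestamp, host, event type, detail).
SAMPLE_EVENTS = (
    [("2023-08-01T10:00:00", "ws-01", "service_stopped", "backup agent"),
     ("2023-08-01T10:00:05", "ws-01", "shadow_copy_deleted", "C:")]
    + _renames("ws-01", "2023-08-01T10:00:10", 5, 1)    # burst after both signals
    + _renames("ws-02", "2023-08-01T10:05:00", 2, 1)    # below threshold
    + _renames("ws-03", "2023-08-01T11:00:00", 5, 10)   # burst, nothing else seen
    + _renames("ws-04", "2023-08-01T12:00:00", 5, 120)  # too slow to be a burst
)

def detect(events, window=WINDOW, threshold=RENAME_THRESHOLD):
    """Return {host: (severity, supporting signals)} for '.akira' rename bursts."""
    recent = defaultdict(deque)   # host -> rename times inside the window
    support = defaultdict(dict)   # host -> {signal: last time seen}
    burst_at = {}                 # host -> last time the threshold was met
    for ts, host, kind, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if kind == "file_rename" and detail.lower().endswith(".akira"):
            q = recent[host]
            q.append(t)
            while t - q[0] > window:  # drop renames older than the window
                q.popleft()
            if len(q) >= threshold:
                burst_at[host] = t
        elif kind in SUPPORTING:
            support[host][kind] = t
    alerts = {}
    for host, t in burst_at.items():
        near = sorted(k for k, when in support[host].items()
                      if abs(when - t) <= window)
        alerts[host] = ("critical" if near else "high", near)
    return alerts

if __name__ == "__main__":
    for host, (severity, signals) in detect(SAMPLE_EVENTS).items():
        print(host, severity, signals)
```
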

    What are the dark web and a Tor site?

    1. The dark web is a hidden part of the internet, accessible only through specialized software like the Tor browser, known for its anonymity and hosting illegal activities.
    2. Tor—short for the Onion Routing project—is an open-source privacy network that enables anonymous web browsing.

    How does ransomware infect devices?

    1. Phishing emails with malicious attachments.
    2. Drive-by download
      1. A cyberattack in which malicious code is downloaded onto a device without the user intending it.
    3. Specially crafted web links in emails that download malicious code.
    4. Exploiting Software Vulnerabilities
    5. Malvertising
      1. Use of malicious advertisements (malvertising) on legitimate websites to redirect users to sites hosting ransomware.
    6. Infected Software
    7. Remote Desktop Protocol (RDP) Attacks
    8. External Devices
    9. File-sharing Networks

    How to protect against ransomware?

    1. CERT-In has advised users to follow basic internet hygiene and protection protocols.
    2. This includes maintaining up-to-date offline backups of critical data, to prevent data loss in the event of an attack.
    3. Use of Reliable Security Software
    4. Keeping Software Updated
    5. Exercising Caution with Email
    6. Enabling Macro Security
    7. Avoiding Suspicious Websites
    8. Backing Up Data Regularly
    9. Using Strong and Unique Passwords
    10. Disabling Remote Desktop Services (if not needed)
    11. Educating Users about Ransomware Risks
    12. Staying Informed about Latest Threats and Security Best Practices