
CERT-In warns against the Akira ransomware

The Computer Emergency Response Team of India (CERT-In) has issued a warning about the Akira ransomware, a severe cyber threat that has wreaked havoc on corporate networks around the world.

What exactly is the Akira Ransomware?

  • Encryption: Akira ransomware encrypts sensitive data on infected devices and appends the “akira” extension to filenames, rendering the files inaccessible to users.
  • Shadow Volume Deletion: The ransomware deletes Windows Shadow Volume copies, limiting victim organisations’ data recovery options.
  • Ransom Demands: Ransomware operators demand a twofold ransom for decryption and recovery, threatening to disclose sensitive material on their dark web blog if payment is not made.
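The two behaviours above (mass renaming to the “.akira” extension and deletion of Shadow Volume copies) are both visible in ordinary endpoint telemetry. The following is an added detection example, not part of the CERT-In advisory: it runs two simple rules over constructed process-creation and file-rename records in a hypothetical `type|host|field|field` line format, flagging shadow-copy deletion commands and hosts where several files gain the ransomware extension.

```python
"""Added example: detect Akira-style indicators in constructed endpoint telemetry."""
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample events in a hypothetical "type|host|a|b" format:
#   process     -> a = image path, b = command line
#   file_rename -> a = old path,   b = new path
SAMPLE_EVENTS = [
    "process|ws-14|C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet",
    "process|ws-14|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete",
    "process|ws-07|C:\\Windows\\System32\\vssadmin.exe|vssadmin list shadows",
    "file_rename|ws-14|D:\\Finance\\q3-report.xlsx|D:\\Finance\\q3-report.xlsx.akira",
    "file_rename|ws-14|D:\\Finance\\budget.docx|D:\\Finance\\budget.docx.akira",
    "file_rename|ws-03|C:\\Users\\bob\\notes.txt|C:\\Users\\bob\\notes.old",
    "process|ws-02|C:\\Program Files\\backup\\agent.exe|agent.exe --snapshot create",
]

# Command lines that remove Volume Shadow Copies (MITRE ATT&CK T1490).
# Listing shadows is benign admin activity and is deliberately not matched.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.IGNORECASE),
    re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.IGNORECASE),
]
RANSOM_EXTENSION = ".akira"
RENAME_THRESHOLD = 2  # renames per host before we call it mass encryption


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Split one telemetry line; return None for malformed lines."""
    parts = line.rstrip("\n").split("|", 3)
    if len(parts) != 4:
        return None
    kind, host, a, b = parts
    return {"type": kind, "host": host, "a": a, "b": b}


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True when the command line deletes shadow copies via vssadmin or wmic."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def analyze(lines: Iterable[str]) -> Dict[str, object]:
    """Run both rules and return the findings.

    Returns a dict with:
      shadow_copy_deletion: list of (host, command line) hits
      mass_rename: {host: count} for hosts at or above RENAME_THRESHOLD
    """
    hits: List[Tuple[str, str]] = []
    renames: Counter = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["type"] == "process" and is_shadow_copy_deletion(ev["b"]):
            hits.append((ev["host"], ev["b"]))
        elif ev["type"] == "file_rename" and ev["b"].lower().endswith(RANSOM_EXTENSION):
            renames[ev["host"]] += 1
    return {
        "shadow_copy_deletion": hits,
        "mass_rename": {h: n for h, n in renames.items() if n >= RENAME_THRESHOLD},
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Both rules fire on host `ws-14` in the sample, which is the point: a shadow-copy deletion followed by a burst of `.akira` renames on the same host is a far stronger signal than either event alone, and the deletion usually precedes encryption, so it is the earlier place to alert.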

Infection and Mechanism of Action

  • Infection Vectors: Akira ransomware spreads largely via spear-phishing emails with malicious attachments, drive-by downloads, and specially crafted web URLs. It also infiltrates systems through unsecured Remote Desktop connections.
  • System Directory Exclusions: To keep the system stable, the ransomware avoids encrypting certain system directories.
  • Negotiation: The victim is given a unique negotiation password to contact the ransomware gang via the threat actor’s Tor site.
  • Important Targets: Akira ransomware targets business networks in a variety of industries, including education, finance, real estate, manufacturing, and consulting.
  • Exfiltration of sensitive corporate data: In addition to encryption, threat actors steal sensitive corporate data and use it as leverage in extortion attempts.

Akira Ransomware Protection Measures

  • Backups on a regular basis: Maintain current offline backups to secure data recovery in the event of an attack.
  • Updates to the system: Update operating systems and networks on a regular basis, and use virtual patching for legacy systems.
  • Email Authentication: To combat email spoofing and spam, implement Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF).
  • Strong Authentication: To secure user accounts, enforce strong password policies and multi-factor authentication (MFA).
  • Data Encryption: To safeguard sensitive information, use data-at-rest and data-in-transit encryption.
  • Attachment Blocking: To avoid harmful downloads, block suspicious attachment file types such as .exe, .pif, or .url.
  • Security Audits: Conduct frequent security audits to identify vulnerabilities, especially for key networks and database servers.
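Two of the measures above, email authentication (SPF/DMARC) and attachment blocking, are easy to state and easy to get subtly wrong. The following is an added example, not CERT-In's code: an attachment check that normalises filenames the way Windows does before looking at the extension (so `Invoice.EXE.` and `report.pdf.exe` are caught), and an offline assessment of SPF and DMARC posture from TXT records passed in for a fictional domain `example.test`. The record values and the `weak_points` helper are constructed for the example; DKIM is not assessed because its selectors are only known from message headers, not from the domain alone.

```python
"""Added example: attachment blocklist check and SPF/DMARC posture assessment."""
import re
from typing import Dict, List

# Extensions the advisory names for blocking; extend according to local policy.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".url"}


def attachment_is_blocked(filename: str) -> bool:
    """Decide whether an attachment name should be rejected.

    Case is ignored and trailing dots/spaces are stripped (Explorer drops them),
    so "Invoice.EXE." and "report.pdf.exe" are blocked, while "setup.exe.txt"
    is not, because its real extension is .txt.
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    if dot <= 0:  # no extension, or a dotfile such as ".profile"
        return False
    return name[dot:] in BLOCKED_EXTENSIONS


def _spf_status(records: List[str]) -> str:
    """Classify how the SPF record treats senders it does not list."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    # The last 'all' mechanism decides the fate of unlisted senders.
    qualifiers = re.findall(r"(?:^|\s)([-~?+]?)all(?:\s|$)", spf[0], re.IGNORECASE)
    if not qualifiers:
        return "no-all-mechanism"
    return {"-": "hard-fail", "~": "soft-fail"}.get(qualifiers[-1], "permissive")


def _dmarc_policy(records: List[str]) -> str:
    """Return the DMARC 'p' policy, annotated when it applies to only some mail."""
    dmarc = [r for r in records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    tags: Dict[str, str] = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p", "none")
    pct = tags.get("pct", "100")  # DMARC default: policy applies to 100% of mail
    return policy if pct == "100" else f"{policy}(pct={pct})"


def assess_email_auth(domain: str, txt: Dict[str, List[str]]) -> Dict[str, str]:
    """Summarise SPF and DMARC posture from TXT records keyed by DNS name.

    A real tool would query DNS; records are passed in here so the check runs
    offline. DMARC lives at the _dmarc.<domain> name, SPF at the domain itself.
    """
    return {
        "spf": _spf_status(txt.get(domain, [])),
        "dmarc": _dmarc_policy(txt.get(f"_dmarc.{domain}", [])),
    }


def weak_points(domain: str, txt: Dict[str, List[str]]) -> List[str]:
    """Items an auditor would flag: SPF not hard-fail, DMARC not full reject."""
    posture = assess_email_auth(domain, txt)
    issues = []
    if posture["spf"] != "hard-fail":
        issues.append(f"SPF: {posture['spf']}")
    if not posture["dmarc"].startswith("reject") or "(" in posture["dmarc"]:
        issues.append(f"DMARC: {posture['dmarc']}")
    return issues


# Constructed TXT records for a fictional domain (a typical "monitor-only" setup).
SAMPLE_TXT = {
    "example.test": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mail.example.test ~all"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
}

if __name__ == "__main__":
    for name in ["Invoice.EXE.", "report.pdf.exe", "setup.exe.txt", "shortcut.url"]:
        print(f"{name!r}: blocked={attachment_is_blocked(name)}")
    print(weak_points("example.test", SAMPLE_TXT))
```

The sample domain passes a naive "has SPF and DMARC" check yet still lets spoofed mail through: `~all` only soft-fails unknown senders and `p=none` asks receivers to report, not to reject. Moving to `-all` and `p=reject` (with `pct=100`) is what actually closes the spoofing path the advisory is concerned with.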