The Computer Emergency Response Team of India (CERT-In) has issued a warning about the Akira ransomware, a severe cyber threat that has wreaked havoc on corporate networks around the world.
What exactly is the Akira Ransomware?
- Akira ransomware encrypts sensitive data on infected devices and appends the “akira” extension to filenames, rendering the files inaccessible to users.
- Shadow Volume Deletion: The ransomware deletes Windows Shadow Volume copies, limiting victim organisations’ data recovery options.
- Ransom Demands: The operators apply double extortion: they demand a ransom for decryption and recovery, and threaten to publish stolen sensitive material on their dark web blog if payment is not made.
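Added example, not from the CERT-In advisory or the article: a small Python triage routine that flags the two behaviours described above (shadow copy deletion through common Windows commands, and file renames to the .akira extension) over constructed event lines. The event format, field names and the escalation threshold are assumptions made for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample telemetry (process-creation and file-rename events) in an
# assumed key=value format; these lines are made up, not from a real incident.
SAMPLE_EVENTS = [
    'type=process user=SYSTEM cmd="vssadmin.exe delete shadows /all /quiet"',
    'type=process user=alice cmd="notepad.exe C:\\Users\\alice\\notes.txt"',
    'type=process user=SYSTEM cmd="wmic shadowcopy delete"',
    'type=process user=bob cmd="powershell -c Get-WmiObject Win32_Shadowcopy | ForEach-Object {$_.Delete()}"',
    'type=rename old="C:\\Finance\\q3.xlsx" new="C:\\Finance\\q3.xlsx.akira"',
    'type=rename old="C:\\Finance\\draft.docx" new="C:\\Finance\\draft_v2.docx"',
    'type=rename old="C:\\Finance\\q4.xlsx" new="C:\\Finance\\q4.xlsx.akira"',
]

# Well-known ways Windows shadow copies get deleted (vssadmin, wmic, WMI via PowerShell).
SHADOW_DELETE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*\.delete\(\))",
    re.IGNORECASE,
)
# A rename whose new name ends in the .akira extension described in the advisory.
AKIRA_RENAME = re.compile(r'new="[^"]*\.akira"', re.IGNORECASE)


def classify_event(line: str) -> Optional[str]:
    """Return the alert category for one event line, or None if it looks benign."""
    if line.startswith("type=process") and SHADOW_DELETE.search(line):
        return "shadow_copy_deletion"
    if line.startswith("type=rename") and AKIRA_RENAME.search(line):
        return "akira_extension_rename"
    return None


def triage(events: List[str], rename_threshold: int = 2) -> Dict[str, object]:
    """Aggregate alerts over a batch. Any shadow copy deletion escalates at once;
    .akira renames escalate once they reach rename_threshold (assumed value)."""
    counts = {"shadow_copy_deletion": 0, "akira_extension_rename": 0}
    hits: List[Tuple[str, str]] = []
    for line in events:
        category = classify_event(line)
        if category:
            counts[category] += 1
            hits.append((category, line))
    escalate = counts["shadow_copy_deletion"] > 0 or counts["akira_extension_rename"] >= rename_threshold
    return {"counts": counts, "hits": hits, "escalate": escalate}


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for category, line in result["hits"]:
        print(f"[{category}] {line}")
    print("escalate:", result["escalate"])
```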
Infection and Mechanism of Action
- Akira ransomware spreads largely via spear-phishing emails with malicious attachments, drive-by downloads, and specially crafted web URLs. It also infiltrates systems through unsecured Remote Desktop connections.
- To protect system stability, the ransomware avoids encrypting certain system directories.
- The victim is given a unique negotiation password to connect with the ransomware gang via the threat actor’s Tor site.
Important Targets
- Akira ransomware targets business networks in a variety of industries, including education, finance, real estate, manufacturing, and consulting.
- Exfiltration of sensitive corporate data: In addition to encryption, threat actors steal sensitive corporate data and use it as leverage in extortion attempts.
Akira Ransomware Protection Measures
- Regular Backups: Maintain current offline backups to ensure data recovery in the event of an attack.
- Updates to the system: Update operating systems and networks on a regular basis, and use virtual patching for legacy systems.
- Email Authentication: To combat email spoofing and spam, implement Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF).
- Strong Authentication: To secure user accounts, enforce strong password policies and multi-factor authentication (MFA).
- Data Encryption: To safeguard sensitive information, use data-at-rest and data-in-transit encryption.
- Attachment Blocking: To prevent harmful downloads, block suspicious attachment file types such as .exe, .pif, or .url.
- Security Audits: Conduct frequent security audits to identify vulnerabilities, especially for key networks and database servers.
Source: https://www.deccanherald.com/business/technology/beware-of-akira-ransomware-cert-in-warns-windows-linux-pc-users-1240293.html