The Indian government has issued a warning about a dangerous ransomware named Akira, which poses a significant threat to systems operating on Windows and Linux. The ransomware group behind Akira is notorious for stealing crucial personal information from victims and encrypting their data, coercing them into paying a ransom under the threat of data release on the dark web.
To gain unauthorized access to victim environments, the attackers exploit VPN services, especially where multi-factor authentication is absent, and utilize common tools like AnyDesk, WinRAR, and PCHunter to remain undetected.
The ransomware’s operation begins with the deletion of Windows Shadow Volume Copies on infected devices, followed by encrypting files with specific extensions while adding a ‘.akira’ extension to each encrypted file.
To avoid interference during the encryption process, the malware terminates active Windows services using the Windows Restart Manager API, sparing Windows system files (e.g., .sys, .msi, .dll, .lnk, and .exe) to maintain stability.
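Two of the behaviours described above, the deletion of Shadow Volume Copies and the mass renaming of files to the ‘.akira’ extension, can be surfaced from endpoint telemetry. The following is an added detection example, not code from the advisory or from any vendor; the pipe-separated event format, the sample events, and the concrete shadow-copy deletion commands matched by the pattern are assumptions.

```python
"""Added example: flag shadow-copy deletion and '.akira' mass renames in constructed logs."""
import re
from collections import Counter

# Constructed process-creation events in an assumed "host|image|command_line" format.
SAMPLE_PROCESS_EVENTS = [
    "ws01|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe delete shadows /all /quiet",
    "ws01|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs",
    "ws02|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete",
    "ws03|C:\\Program Files\\AnyDesk\\AnyDesk.exe|AnyDesk.exe --service",
]

# Constructed file-write events in an assumed "host|path" format.
SAMPLE_FILE_EVENTS = [
    "ws01|C:\\Users\\a\\Documents\\report.docx.akira",
    "ws01|C:\\Users\\a\\Documents\\budget.xlsx.akira",
    "ws01|C:\\Users\\a\\Documents\\notes.txt.akira",
    "ws02|C:\\Users\\b\\Pictures\\holiday.jpg",
    "ws03|C:\\Users\\c\\Downloads\\akira.txt",  # name contains "akira" but extension is .txt
]

# The advisory names the behaviour (Shadow Volume Copy deletion); the specific
# command lines matched here are an assumption about how it is commonly done.
SHADOW_DELETE = re.compile(
    r"\b(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)", re.I
)

def shadow_copy_deletion_hosts(events):
    """Return the sorted hosts whose process events contain a shadow-copy deletion command."""
    hosts = set()
    for line in events:
        host, _image, cmdline = line.split("|", 2)
        if SHADOW_DELETE.search(cmdline):
            hosts.add(host)
    return sorted(hosts)

def akira_extension_counts(events):
    """Count, per host, file paths ending in the '.akira' extension."""
    counts = Counter()
    for line in events:
        host, path = line.split("|", 1)
        if path.lower().endswith(".akira"):
            counts[host] += 1
    return dict(counts)

def hosts_to_isolate(process_events, file_events, min_encrypted=3):
    """Hosts showing shadow-copy deletion or at least min_encrypted '.akira' renames."""
    flagged = set(shadow_copy_deletion_hosts(process_events))
    flagged |= {h for h, n in akira_extension_counts(file_events).items() if n >= min_encrypted}
    return sorted(flagged)

if __name__ == "__main__":
    print(hosts_to_isolate(SAMPLE_PROCESS_EVENTS, SAMPLE_FILE_EVENTS))  # → ['ws01', 'ws02']
```

The rename threshold is deliberately low so that an infection is flagged after a handful of files rather than after a whole share; tune `min_encrypted` to the noise level of the environment.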
To protect against Akira ransomware, netizens are advised to practice basic online hygiene and protection protocols. Keeping offline backups of critical data up to date can prevent data loss in the event of infection.
Regularly updating operating systems and applications, employing virtual patching for legacy systems and networks, and implementing strong password policies with multi-factor authentication are crucial measures to safeguard against cyber and ransomware attacks.