JE Technology Desk: Indian Computer Emergency Response Team (CERT-In) has cautioned users in the country about ransomware dubbed Akira, which is active in the cyber world. The government arm, which aims to enhance cyber security in India, said the threat targets Windows and Linux-based systems.
The bad actor steals victims’ data and encrypts it to extort money from the affected device’s owner. If a user does not pay the amount demanded, the group uploads the data to a dark web blog. It accesses the system through VPN services, generally when two-factor authentication is not enabled. During the process, the hackers use tools including AnyDesk, WinRAR and PCHunter, installed on the victim’s machine. This activity mostly goes unnoticed.
Akira Ransomware: Working Mechanism
The attack takes place after an Akira sample is executed on a computer. It deletes the shadow backup files of the device and then encrypts data. Encrypted files are given a “.akira” extension. Later, it closes Windows services using the Restart Manager API to avoid interruptions during encryption.
Akira Attack: Which Files Are Affected?
According to the advisory, it can encrypt files across folders, excluding the Recycle Bin, Boot, ProgramData, System Volume Information and Windows folders. To keep users from noticing the infection, it does not modify system files with extensions such as .exe, .msi, .sys, .dll and .lnk.
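The behaviour described in the two sections above gives defenders a simple triage check: look for files carrying the “.akira” extension outside the folders the ransomware is reported to skip. The Python sketch below is an added example, not code from CERT-In or this article; the function names and the sample tree are constructed for illustration, and folder names are matched as the advisory spells them.

```python
import os
import tempfile
from collections import Counter

# Values taken from the advisory as reported above.
ENCRYPTED_SUFFIX = ".akira"
SKIPPED_FOLDERS = {"recycle bin", "boot", "programdata",
                   "system volume information", "windows"}

def find_encrypted(root):
    """Walk root and count files per directory that carry the .akira suffix.

    Folders the advisory lists as excluded are pruned to keep the scan fast
    (an assumption based on the reported behaviour, not a guarantee).
    Returns a Counter mapping directory -> number of matching files.
    """
    hits = Counter()
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk does not descend into skipped folders.
        dirnames[:] = [d for d in dirnames if d.lower() not in SKIPPED_FOLDERS]
        for name in filenames:
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                hits[dirpath] += 1
    return hits

def summarize(hits):
    """Return (total files, directories affected, worst directory or None)."""
    total = sum(hits.values())
    worst = hits.most_common(1)[0][0] if hits else None
    return total, len(hits), worst

def build_sample_tree(root):
    """Constructed sample data: a small tree with three renamed files."""
    layout = {
        "Users/a/Documents": ["report.docx.akira", "notes.txt.akira", "app.exe"],
        "Users/a/Pictures": ["photo.jpg.AKIRA", "link.lnk"],
        "Windows/System32": ["kernel.dll"],
        "ProgramData/vendor": ["cache.akira"],  # inside a skipped folder
    }
    for folder, files in layout.items():
        path = os.path.join(root, *folder.split("/"))
        os.makedirs(path)
        for f in files:
            open(os.path.join(path, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        total, dirs, worst = summarize(find_encrypted(tmp))
        print(f"{total} files with {ENCRYPTED_SUFFIX} in {dirs} folders; most in {worst}")
```

On a real machine, point `find_encrypted` at a user profile or a file share root; a sudden non-zero count is a reason to isolate the host and check the offline backups.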
Akira Virus: How To Be Safe?
Ransomware threats generally take away data from a computer. Here are a few measures you can adopt to stay safe from them.
– Keep an offline backup of data and update it in a timely manner
– The system must be updated to the latest security build via an official channel
– Use strong passwords and enhanced security features such as two-factor authentication
– Stay cautious while accessing data from external USB drives
Besides these, a user can install an antivirus on a computer to detect these infections. Recently, CERT-In also issued an advisory against Daam malware.