The new ‘Akira’ ransomware threat is spreading across Windows and Linux platforms, utilizing common tools like AnyDesk and WinRAR for its infiltration, as CERT-In sounds the alarm and suggests countermeasures.
Updated Jul 24, 2023 | 01:47 PM IST
Akira Ransomware: A New Cyber Threat Leveraging WinRAR and AnyDesk
- Akira ransomware emerges as a new cyber threat, infiltrating systems using common tools like AnyDesk and WinRAR.
- CERT-In warns of Akira’s unique two-pronged blackmail tactic, threatening both data encryption and public leaks.
- CERT-In advises regular backups, system updates, strong passwords, and MFA to guard against Akira ransomware.
Akira: The Two-Pronged Threat
The Mechanism of Akira
‘Akira’ displays a sophisticated design aimed at maximising its disruptive potential. Upon infiltrating the target system, it deletes Windows Shadow Volume Copies to pave the way for encryption. As the ransomware encrypts files, it appends the ‘.akira’ extension to each file’s name.
In a concerted move to ensure the encryption process remains unhampered, Akira terminates active Windows services through the Windows Restart Manager API. This ensures the encryption of all files across numerous hard drive folders, with the exception of ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
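The file-level behaviour described above can be used to scope an incident from an exported file listing. The following is an added example, not code from CERT-In or the original article: it counts files carrying the appended ‘.akira’ extension, recovers their original names, and flags hits inside the folders the article says are left alone. The `triage` function, the sample paths, the mapping of "Recycle Bin" to the on-disk `$Recycle.Bin`, and the top-level-only folder check are assumptions.

```python
from collections import Counter
from pathlib import PureWindowsPath

EXT = ".akira"  # extension the article says is appended to encrypted files
# Folders the article lists as left unencrypted, lower-cased.
SKIPPED = {"programdata", "recycle bin", "boot",
           "system volume information", "windows"}

# Constructed sample listing (not real incident data).
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.akira",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\bob\Desktop\plan.docx.AKIRA",
    r"D:\Shares\finance\q2.pdf.akira",
    r"C:\Windows\System32\drivers\etc\hosts",
    r"C:\ProgramData\app\config.json.akira",
]

def _norm(name):
    # Assumption: the article's "Recycle Bin" is the on-disk "$Recycle.Bin".
    return name.lower().lstrip("$").replace(".", " ")

def triage(paths):
    """Summarise '.akira' hits in an exported list of Windows file paths."""
    by_folder, originals, unexpected = Counter(), [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.suffix.lower() != EXT:
            continue  # not renamed by the encryptor
        folders = [x for x in p.parent.parts if x != p.anchor]
        top = folders[0] if folders else ""
        by_folder[str(PureWindowsPath(p.anchor, top))] += 1
        originals.append(str(p.with_suffix("")))  # name before the append
        # Assumption: the exclusion applies to top-level folders only.
        if _norm(top) in SKIPPED:
            unexpected.append(raw)
    return {"hits": len(originals), "by_folder": dict(by_folder),
            "originals": originals, "unexpected": unexpected}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

Entries under `unexpected` do not match the exclusion list reported in the article and are worth a manual look before they are counted as encrypted data.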
CERT-In urges internet users to observe a set of basic security protocols to guard against such malicious attacks. Key recommendations include:
- Regular offline backups of critical data to prevent loss in case of a ransomware attack
- Routine updating of operating systems and applications
- Use of virtual patching to safeguard legacy systems from exploitation through software vulnerabilities
- Implementation of strong password policies
- Enabling multi-factor authentication (MFA)
In the face of rising cyber threats like the Akira ransomware, adopting these preventive measures can significantly enhance individual and organizational resilience.