(844) 627-8267 | Info@NationalCyberSecurity

Watch Out! Akira is Coming: CERT-In Alerts of New Ransomware Leveraging AnyDesk and WinRAR

The new ‘Akira’ ransomware threat is spreading across Windows and Linux platforms, utilizing common tools like AnyDesk and WinRAR for its infiltration, as CERT-In sounds the alarm and suggests countermeasures.

Updated Jul 24, 2023 | 01:47 PM IST

Akira Ransomware: A New Cyber Threat Leveraging WinRAR and AnyDesk


  • Akira ransomware emerges as a new cyber threat, infiltrating systems using common tools like AnyDesk and WinRAR.
  • CERT-In warns of Akira’s unique two-pronged blackmail tactic, threatening both data encryption and public leaks.
  • CERT-In advises regular backups, system updates, strong passwords, and MFA to guard against Akira ransomware.

The Indian cybersecurity landscape is on high alert as a new ransomware threat named ‘Akira’ has begun to spread across the digital domain. The malicious software targets systems running both Windows and Linux, according to warnings issued by the Indian Computer Emergency Response Team (CERT-In).

Akira: The Two-Pronged Threat

Akira has introduced a unique, two-fold blackmail tactic, making it especially dangerous. The attackers first pilfer personal information from their targets before encrypting the data on their systems. If the victims refuse to pay the demanded ransom, the cyber criminals resort to leaking the stolen data on their dark web blog.
CERT-In’s advisory details the cunning strategies employed by the Akira operators. The use of VPN services to mask their activity, particularly against users without multi-factor authentication, is among their key tactics. The infiltration process is facilitated by the employment of common tools, including AnyDesk and WinRAR, which often escape the attention of their victims.

The Mechanism of Akira

‘Akira’ displays a sophisticated design aimed at maximising its disruptive potential. Upon infiltrating the target system, it deletes Windows Shadow Volume Copies to pave the way for encryption. As the ransomware encrypts files, it appends the ‘.akira’ extension to each file’s name.

In a concerted move to ensure the encryption process remains unhampered, Akira terminates active Windows services through the Windows Restart Manager API. This ensures the encryption of all files across numerous hard drive folders, with the exception of ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
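As an added illustration (not part of the article or the CERT-In advisory), the following triage script applies the two behaviours described above to constructed endpoint telemetry: it counts newly created files carrying the ‘.akira’ extension outside the folders Akira is said to skip, and flags shadow copy deletion. The script assumes shadow copies are removed with the built-in vssadmin/wmic commands; the advisory names only the behaviour, not the command used.

```python
import re
from pathlib import PureWindowsPath

# Top-level folders the advisory says Akira leaves untouched (on-disk name
# of the Recycle Bin is $Recycle.Bin); anything else is in scope.
EXCLUDED_DIRS = {"programdata", "$recycle.bin", "boot",
                 "system volume information", "windows"}
AKIRA_EXT = ".akira"
# Assumption: shadow copies are removed via the usual built-in commands.
SHADOW_DELETE = re.compile(
    r"(vssadmin.*delete\s+shadows|wmic.*shadowcopy\s+delete)", re.I)

def is_excluded(path: str) -> bool:
    """True if the path's first folder below the drive is one Akira skips."""
    parts = [p.lower() for p in PureWindowsPath(path).parts[1:]]
    return bool(parts) and parts[0] in EXCLUDED_DIRS

def triage(events):
    """events: iterable of (kind, payload) tuples where kind is
    'file_create' (payload = full path) or 'process' (payload = cmdline)."""
    findings = {"akira_files": [], "shadow_delete": [], "excluded_hits": 0}
    for kind, payload in events:
        if kind == "file_create" and payload.lower().endswith(AKIRA_EXT):
            if is_excluded(payload):
                findings["excluded_hits"] += 1   # unexpected for Akira
            else:
                findings["akira_files"].append(payload)
        elif kind == "process" and SHADOW_DELETE.search(payload):
            findings["shadow_delete"].append(payload)
    # Alert threshold of three renamed files is an arbitrary tuning choice.
    findings["alert"] = bool(findings["shadow_delete"]) or \
        len(findings["akira_files"]) >= 3
    return findings

# Constructed sample telemetry, not captured from a real incident.
SAMPLE_EVENTS = [
    ("process", r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"),
    ("file_create", r"C:\Users\alice\Documents\report.docx.akira"),
    ("file_create", r"C:\Users\alice\Documents\budget.xlsx.akira"),
    ("file_create", r"C:\Windows\Temp\cache.bin.akira"),
    ("file_create", r"D:\shares\finance\q2.pdf.akira"),
    ("process", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```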

CERT-In’s Countermeasures

CERT-In urges internet users to observe a set of basic security protocols to guard against such malicious attacks. Key recommendations include:

  • Regular offline backups of critical data to prevent loss in case of a ransomware attack
  • Routine updating of operating systems and applications
  • Use of virtual patching to safeguard legacy systems from exploitation through software vulnerabilities
  • Implementation of strong password policies
  • Enabling multi-factor authentication (MFA)

In the face of rising cyber threats like the Akira ransomware, adopting these preventive measures can significantly enhance individual and organizational resilience.
