What makes this ransomware a national-level threat?- QHN

This malicious software targets Windows and Linux-based systems encrypts vital personal data, and extorts money from its victims.

But what exactly is Akira and how does it infect software? Moreover, what steps can be taken to safeguard devices from such cyber threats.

What is Akira ransomware?

Ransomware is a type of malware that holds users’ data hostage, denying access until a ransom is paid to the attackers.

Akira is a specific type of ransomware designed to encrypt data on infected computers and manipulate filenames by appending the “.akira” extension.  According to PCRisk, upon execution, Akira also deletes ‘Windows Shadow Volume Copies’ on the targeted device. This malware operates through a double extortion technique, much like others of its kind, stealing information from victims and then threatening to release it on the dark web if the ransom is not paid.

This tactic puts immense pressure on victims to pay the ransom to protect their information and reputation.

How does Akira infect software?

Akira ransomware can enter computers through various means such as malicious email attachments or links, pirated software websites, peer-to-peer (P2P) networks, free file hosting sites, and third-party downloaders.

Cybercriminals may also use fake software updates and Trojans to deliver the malware to unsuspecting users. Once a user unwittingly downloads and executes the malicious file, Akira encrypts files found in various hard drive folders.

It appears to exclude certain system folders such as those ending with: in .exe, .dll, .msi, .lnk, and .sys, as well as those located in the Windows, System Volume Information, Recycle Bin, and Program Data folders.

Once the files are encrypted the malware spreads laterally to other devices. The malware tries to gain Windows domain admin credentials, which allows it to deploy the ransomware throughout the network.

Akira’s strategy

Akira has already attacked asset management companies London Capital Group and the Development Bank of Southern Africa as well as many companies across industries, including finance, education, manufacturing, etc.

The gang will reportedly release data onto dark websites and then demand ransoms from $200,000 to millions of dollars, according to a report by Bleeping Computers.

How to protect yourself from ransomware infections

Prevention is key to safeguarding against ransomware and any other forms of cyber attacks. Here are some steps that can be taken to protect oneself  from Akira and other ransomware threats:

• Be cautious with email attachments and links: Avoid opening suspicious or unexpected email attachments or clicking on links from unknown senders. Verify the legitimacy of the sender before accessing any email content.
• Download from reputable sources: Only download files and programs from verified stores and official websites. Refrain from clicking on ads on untrustworthy pages.
• Keep software updated: Regularly update operating systems and installed programs to fix vulnerabilities that cybercriminals may exploit.
• Use strong passwords and multi-factor Authentication (MFA): Enforce strong password policies and enable MFA wherever possible to add an extra layer of security.
• Backup critical data: Maintain offline backups of critical data and ensure they are up-to-date. This will prevent data loss in the event of a ransomware infection.
• Report incidents to authorities: If you become a victim of ransomware, report the incident to the appropriate authorities. Providing information to law enforcement agencies can aid in tracking cybercrime and prosecuting attackers.

In India, the Indian computer emergency response team (CERT-In), Department of Electronics and Information Technology, Ministry of Communications and Information Technology handles ransomware cases. The agency is the central technology arm to combat cyber attacks and guards cyberspace against phishing and hacking assaults and similar online attacks.