Blog Credit: Trupti Thakur
Image Courtesy: Google
Akira: The Ransomware
In recent times, a dangerous Internet ransomware virus called Akira has been making headlines due to its malicious activities. This sophisticated malware is designed to encrypt vital personal information and data on victims’ systems, rendering them inaccessible.
This ransomware has been active since March 2023 and is breaching corporate networks. The attackers gain entry through VPN services and target organizations that have not enabled two-factor authentication. They then coerce victims into paying a ransom to regain control of their encrypted data.
The ransomware group behind Akira steals personal information and encrypts data, extorting victims for money. If the ransom is not paid, the group threatens to release the data on the dark web.
A dangerous internet ransomware virus called ‘Akira’ has emerged, raising concerns among cybersecurity experts and prompting the government to issue a warning.
This malicious software targets Windows and Linux-based systems, encrypts vital personal data, and extorts money from its victims.
But what exactly is Akira and how does it infect software? Moreover, what steps can be taken to safeguard devices from such cyber threats?
What is Akira ransomware?
Ransomware is a type of malware that holds users’ data hostage, denying access until a ransom is paid to the attackers.
This specific type of ransomware is designed to encrypt data on infected computers and manipulate filenames by appending the “.akira” extension. According to PCRisk, upon execution, Akira also deletes ‘Windows Shadow Volume Copies’ on the targeted device. This malware operates through a double extortion technique, much like others of its kind, stealing information from victims and then threatening to release it on the dark web if the ransom is not paid.
This tactic puts immense pressure on victims to pay the ransom to protect their information and reputation.
How does Akira infect software?
Akira ransomware can enter computers through various means such as malicious email attachments or links, pirated software websites, peer-to-peer (P2P) networks, free file hosting sites, and third-party downloaders.
Cybercriminals may also use fake software updates and Trojans to deliver the malware to unsuspecting users. Once a user unwittingly downloads and executes the malicious file, Akira encrypts files found in various hard drive folders.
It appears to exclude files with certain extensions, namely .exe, .dll, .msi, .lnk, and .sys, as well as files located in the Windows, System Volume Information, Recycle Bin, and Program Data folders.
Once the files are encrypted, the malware spreads laterally to other devices. It tries to obtain Windows domain admin credentials, which allow it to deploy the ransomware throughout the network.
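As a defender-side check tied to the artefacts the post describes (the “.akira” suffix and the extensions Akira skips), here is an added triage script, not code from the original post: it walks a directory tree, counts encrypted files per folder, and flags hits whose original extension should have been skipped. The sample tree it builds is constructed for the dry run and is not real victim data.

```python
import os
import tempfile
from collections import Counter

# Artefacts described in the post: Akira appends ".akira" to each file it
# encrypts and leaves files with these extensions alone.
AKIRA_EXT = ".akira"
SKIPPED_EXTS = {".exe", ".dll", ".msi", ".lnk", ".sys"}


def triage(root):
    """Summarise what looks Akira-encrypted under `root`.

    Returns the ".akira" paths found, a per-directory count (relative to
    root) and the subset whose original extension the post says Akira skips;
    those deserve a second look (different strain, or a false positive).
    """
    encrypted, affected, unexpected = [], Counter(), []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(AKIRA_EXT):
                continue
            path = os.path.join(dirpath, name)
            encrypted.append(path)
            affected[os.path.relpath(dirpath, root)] += 1
            # Strip ".akira" to recover the original name, then its extension.
            original_ext = os.path.splitext(name[:-len(AKIRA_EXT)])[1].lower()
            if original_ext in SKIPPED_EXTS:
                unexpected.append(path)
    return {"encrypted": sorted(encrypted),
            "affected_dirs": affected,
            "unexpected": sorted(unexpected)}


def build_sample_tree():
    """Create a constructed (not real) infected-looking tree for a dry run."""
    root = tempfile.mkdtemp(prefix="akira_triage_")
    sample = {
        "docs/report.docx.akira": b"\x00encrypted",
        "docs/budget.xlsx.akira": b"\x00encrypted",
        "docs/notes.txt": b"plain text, untouched",
        "bin/tool.exe": b"MZ untouched binary",
        "bin/helper.dll.akira": b"\x00odd: .dll should have been skipped",
    }
    for rel, data in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root
```

Run `triage(build_sample_tree())` to see the dry run; point `triage` at a real share or backup mount to get a first estimate of scope during an incident.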
Akira’s strategy
Akira has already attacked asset management companies London Capital Group and the Development Bank of Southern Africa as well as many companies across industries, including finance, education, manufacturing, etc.
The gang reportedly publishes stolen data on dark web sites and demands ransoms ranging from $200,000 to millions of dollars, according to a report by BleepingComputer.
The report also added that while there was another ransomware by the name of Akira back in 2017, the two are not related.
Stealing Vital Personal Information
The primary objective of Akira ransomware is to steal vital personal information from its victims. This sensitive data can include financial records, personal identification details, and confidential documents. The attackers then leverage this information to extort money from the victims.
Targeting Windows and Linux-Based Systems
Akira ransomware is not limited to a specific operating system. It targets both Windows and Linux-based systems, making it a potent threat for a wide range of users.
Double Extortion Tactics
One of the most alarming aspects of Akira ransomware is its utilization of double extortion tactics. The ransomware group first encrypts the victim’s data, rendering it inaccessible. They then threaten to release this stolen data on their dark web blog if the victim does not pay the ransom.
Accessing Victim Environments through VPN Services
The ransomware group behind Akira is known to access victim environments through Virtual Private Network (VPN) services. This is particularly effective in cases where users have not enabled multi-factor authentication, making them vulnerable to attacks.
The Motive behind Akira Ransomware
The primary purpose of Akira ransomware is financial gain. By encrypting data and holding it hostage, the attackers aim to extort money from their victims in exchange for restoring access to their systems and sensitive information.
Consequences of Non-Payment
If the victim does not comply with the ransom demands, the ransomware group proceeds with their threat and releases the stolen data on their dark web blog. This exposes the victim to the risk of privacy breaches and potential further harm.
Defining Ransomware
In essence, ransomware is a form of malicious software that infects and blocks users from accessing their data and systems until they pay a ransom to the attackers. It preys on individuals and organizations, causing disruptions and financial losses.
How successful is ransomware?
Analysis of websites known to be used by threat actors identified 2252 incidents in 2021, and a further 1858 from January to June 2022. Between May 2021 and June 2022, there were an estimated 3640 successful ransomware attacks globally.
How to protect yourself from ransomware infections
Prevention is key to safeguarding against ransomware and any other forms of cyber attacks. Here are some steps that can be taken to protect oneself from Akira and other ransomware threats:
- Be cautious with email attachments and links: Avoid opening suspicious or unexpected email attachments or clicking on links from unknown senders. Verify the legitimacy of the sender before accessing any email content.
- Download from reputable sources: Only download files and programs from verified stores and official websites. Refrain from clicking on ads on untrustworthy pages.
- Keep software updated: Regularly update operating systems and installed programs to fix vulnerabilities that cybercriminals may exploit.
- Use strong passwords and multi-factor authentication (MFA): Enforce strong password policies and enable MFA wherever possible to add an extra layer of security.
- Back up critical data: Maintain offline, up-to-date backups of critical data so that files can be restored without paying if a ransomware infection occurs.
- Report incidents to authorities: If you become a victim of ransomware, report the incident to the appropriate authorities. Providing information to law enforcement agencies can aid in tracking cybercrime and prosecuting attackers.
In India, the Indian Computer Emergency Response Team (CERT-In), under the Department of Electronics and Information Technology, Ministry of Communications and Information Technology, handles ransomware cases. The agency is the central technical arm for combating cyber attacks and guards cyberspace against phishing, hacking, and similar online attacks.
Blog By: Trupti Thakur