The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning against ‘Akira’, a recently discovered ransomware virus. This online menace steals critical personal data, encrypts user information, and then extorts money from its victims.
The ransomware, which targets Windows and Linux-based systems, follows a “double extortion” model. It first steals the victim’s data and encrypts their system. If the victim fails to pay the ransom, their data is exposed on the group’s dark web blog.
CERT-In, the central technology authority combating cyber threats, noted that the perpetrators often gain access through VPN services, particularly those not protected by multi-factor authentication. The advisory also highlighted the group’s use of tools like AnyDesk, WinRAR, and PCHunter for intrusion, often going undetected in the victim’s environment.
Technical details reveal that Akira deletes Windows Shadow Volume Copies on the target device. During encryption, a ‘.akira’ extension is added to the name of each encrypted file. The virus also terminates active Windows services to prevent interference with the encryption process, excluding certain folders like ProgramData, Recycle Bin, Boot, System Volume Information, and Windows.
In response to the increasing threat of ransomware infections, CERT-In recommended maintaining up-to-date offline backups of crucial data, regular updates of operating systems and applications, and considering “virtual patching” for protecting legacy systems and networks. Enforcing strong password policies, multi-factor authentication, and avoiding unofficial channels for updates/patches are other recommended countermeasures against such cyber-attacks.