Government warns about 'Akira' ransomware targeting Windows and Linux users
- 10:13 PM, Jul 25, 2023
- Myind Staff
According to reports, India's primary agency for computer security threats, the Computer Emergency Response Team-India (CERT-In), has issued a warning to citizens and organizations regarding a newly identified ransomware named 'Akira.' The advisory states that this ransomware poses a threat to both Windows and Linux-based operating systems.
The agency has revealed that the group behind 'Akira' gains access to users' systems through VPN services, particularly when multi-factor authentication is not enabled. Additionally, they deceive users into downloading seemingly harmless files using tools like AnyDesk, WinRAR, and PC Hunter.
Once the ransomware infiltrates the system, it activates itself and encrypts all sensitive data, turning it into files with the extension .akira. This encryption renders the data inaccessible, and the perpetrators then demand ransom from the affected users in exchange for the decryption key.
The emergence of 'Akira' has raised serious concerns among users and organizations, prompting them to take necessary precautions to safeguard their systems and data from potential cyber threats.
"The attack process begins when a sample of the Akira ransomware is executed. Upon execution, Akira deletes the Windows Shadow Volume Copies on the targeted device. The ransomware then encrypts files with a predefined set of extensions. A '.akira' extension is appended to each encrypted file's name during this encryption process," noted the agency.
As per recent reports, the 'Akira' ransomware has been actively targeting corporate networks since March 2023. Once the attackers harvest the data, they resort to threatening their victims with the public release of sensitive content, including explicit material in some instances. Companies are also warned that their valuable trade secrets will be sold on the dark web to the highest bidder if they refuse to comply with the ransom demands.
To protect themselves from falling victim to such ransomware attacks, experts from CERT-In offer valuable advice to users and organizations. Maintaining official backups of critical data is highly recommended, as it can prevent data loss even if hackers gain access to the information.
To further strengthen security, users are urged to enforce robust password policies and implement multi-factor authentication (MFA) religiously, ensuring that unauthorized access is prevented. A strict policy regarding the usage of external devices like USB drives is advised, and data-at-rest and data-in-transit encryption should be employed to safeguard sensitive information.
To minimize the risk of ransomware attacks, attachments with certain file types should be blocked, including exe, pif, tmp, url, vb, vbe, scr, reg, cer, pst, and md, among others.
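The attachment blocking described above can be sketched as a mail-gateway check. This is an added example, not code from CERT-In or the article; the function names are hypothetical, the blocklist is the one given in the text, and the sample message is constructed. It goes slightly beyond the text by also checking file names inside zip attachments.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article (its list ends with "among others").
BLOCKED = {"exe", "pif", "tmp", "url", "vb", "vbe", "scr", "reg", "cer", "pst", "md"}

def blocked_ext(filename):
    """Return the blocked extension of a file name, or None."""
    # Windows strips trailing dots and spaces, so "a.exe. " still opens as .exe.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return ext if ext in BLOCKED else None

def scan_message(raw):
    """Return (attachment name, offending name) pairs for a raw e-mail message."""
    hits = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if blocked_ext(fname):
            hits.append((fname, fname))
            continue
        payload = part.get_payload(decode=True) or b""
        # A blocked type may be wrapped in an archive; check member names too.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                hits += [(fname, m) for m in zf.namelist() if blocked_ext(m)]
    return hits

def build_sample():
    """Constructed message: a benign PDF, a double extension, and a zip."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="Invoice.pdf.SCR")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello")
        zf.writestr("docs/setup.exe", "MZ")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, name in scan_message(build_sample()):
        print(f"BLOCK {attachment}: {name}")
```

Only the final extension is compared, so a double extension such as `Invoice.pdf.SCR` is caught while `report.pdf` passes.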
Additionally, conducting Vulnerability Assessment and Penetration Testing (VAPT) and regular information security audits, especially for critical networks and database servers, is highly recommended. These security measures can significantly enhance a system's resilience against cyber threats and provide proactive defense against potential ransomware attacks.
Image source: India Today