AKIRA RANSOMWARE - SCI & TECH
News: What is the Akira ransomware, and why has the government issued a warning against it?
What's in the news?
● The Indian Computer Emergency Response Team (CERT-In) issued an alert for a ransomware dubbed "Akira".
Key takeaways:
● The ransomware, found to target both Windows and Linux devices, steals data before encrypting it and then makes a double-extortion demand: payment for decryption and recovery, backed by the threat of publishing the stolen data if the victim does not pay.
● The group behind the ransomware has already targeted multiple victims, mainly located in the U.S., and runs an active Akira leak site that lists its victims and its most recent data leaks.
Akira Ransomware:
● The Akira ransomware is designed to encrypt data, drop a ransom note and delete Windows Volume Shadow Copies on affected devices, so that victims cannot restore files from local snapshots.
● The ransomware gets its name from the way it renames every encrypted file by appending the ".akira" extension.
Threats:
● The ransomware is designed to terminate processes and stop Windows services that could otherwise keep it from encrypting files on the affected system, for example by holding those files open.
● The group gains entry through VPN services, especially where users have not enabled two-factor authentication, and also tricks users into downloading malicious files.
● Once the ransomware has infected a device and the group has stolen and encrypted sensitive data, the attackers extort the victim for a ransom, threatening to publish the data on their dark web blog if their demands are not met.
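The behaviours listed under "Akira Ransomware" and "Threats" (shadow-copy deletion, service and process kills, and mass renames to ".akira") are the kind of thing an endpoint log can show before the ransom note appears. The triage script below is an added example, not code from the CERT-In alert or from the Akira operators: it runs over a few constructed log lines and grades each host. The log format, host names, file paths and the rename threshold are assumptions; the shadow-copy deletion commands it matches (vssadmin, wmic, WMI via PowerShell) are common forms of that technique, not commands the page attributes to Akira.

```python
"""Added triage example (not from the CERT-In alert or the Akira operators):
scan endpoint log lines for shadow-copy deletion, service/process kills and
mass renames to the ".akira" extension, then grade each host.  The log format,
host names, paths and thresholds are assumptions made for this example."""
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <host> <event> <detail>", one record per line.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<event>\S+)\s+(?P<detail>.*)$")

# Common ways of deleting Volume Shadow Copies (vssadmin, wmic, WMI via PowerShell).
SHADOW_COPY_RE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows"
    r"|wmic(?:\.exe)?\s+shadowcopy\s+delete"
    r"|Win32_Shadowcopy.*Remove-WmiObject",
    re.IGNORECASE,
)
# Stopping services or force-killing processes that would hold files open during encryption.
SERVICE_KILL_RE = re.compile(
    r"\bnet(?:\.exe)?\s+stop\b|\bsc(?:\.exe)?\s+stop\b"
    r"|\btaskkill(?:\.exe)?\b.*?/F\b|\bStop-Service\b",
    re.IGNORECASE,
)
# A rename whose new name ends in ".akira".
AKIRA_RENAME_RE = re.compile(r"->\s*\S+\.akira\s*$", re.IGNORECASE)

# Constructed sample log (not a real capture). WS01 shows the full chain, WS02 is
# benign activity, WS03 shows a lone shadow-copy deletion (could be an admin task).
SAMPLE_LOG = r"""
2023-07-20T10:01:02Z WS01 ProcessCreate cmd.exe /c vssadmin delete shadows /all /quiet
2023-07-20T10:01:05Z WS01 ProcessCreate powershell.exe -c "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
2023-07-20T10:01:09Z WS01 ProcessCreate net stop MSSQLSERVER /y
2023-07-20T10:01:10Z WS01 ProcessCreate taskkill /F /IM sqlservr.exe
2023-07-20T10:02:00Z WS01 FileRename C:\Users\a\Documents\q1.xlsx -> C:\Users\a\Documents\q1.xlsx.akira
2023-07-20T10:02:00Z WS01 FileRename C:\Users\a\Documents\q2.xlsx -> C:\Users\a\Documents\q2.xlsx.akira
2023-07-20T10:02:01Z WS01 FileRename C:\Users\a\Documents\plan.docx -> C:\Users\a\Documents\plan.docx.akira
2023-07-20T10:02:01Z WS01 FileRename C:\Shares\finance\ledger.db -> C:\Shares\finance\ledger.db.akira
2023-07-20T10:02:02Z WS01 FileRename C:\Shares\finance\2022.pdf -> C:\Shares\finance\2022.pdf.akira
2023-07-20T10:02:02Z WS01 FileRename C:\Shares\hr\payroll.csv -> C:\Shares\hr\payroll.csv.akira
2023-07-20T10:05:00Z WS02 ProcessCreate notepad.exe report.txt
2023-07-20T10:05:10Z WS02 FileRename C:\tmp\a.txt -> C:\tmp\a.bak
2023-07-20T11:00:00Z WS03 ProcessCreate vssadmin delete shadows /for=C: /oldest
"""


def parse_line(line):
    """Split one record into its fields, or return None for blank/unparseable lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text, rename_threshold=5):
    """Count indicators per host and return {host: counters + severity} for hosts with any hit.

    "critical": rename burst at/above the threshold, or shadow-copy deletion combined
    with service/process kills.  "suspicious": any single indicator on its own.
    """
    per_host = defaultdict(lambda: {"shadow_copy_deletion": 0,
                                    "service_or_process_kill": 0,
                                    "akira_renames": 0})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        counters = per_host[rec["host"]]
        detail = rec["detail"]
        if rec["event"] == "ProcessCreate":
            if SHADOW_COPY_RE.search(detail):
                counters["shadow_copy_deletion"] += 1
            if SERVICE_KILL_RE.search(detail):
                counters["service_or_process_kill"] += 1
        elif rec["event"] == "FileRename" and AKIRA_RENAME_RE.search(detail):
            counters["akira_renames"] += 1

    findings = {}
    for host, c in per_host.items():
        if c["akira_renames"] >= rename_threshold or (
                c["shadow_copy_deletion"] and c["service_or_process_kill"]):
            severity = "critical"
        elif any(c.values()):
            severity = "suspicious"
        else:
            continue  # no indicators: not reported
        findings[host] = dict(c, severity=severity)
    return findings


if __name__ == "__main__":
    for host, f in sorted(triage(SAMPLE_LOG).items()):
        print(host, f)
```

The grading is deliberately conservative: a single `vssadmin delete shadows` (WS03) is only flagged as suspicious, because administrators do run it, while shadow-copy deletion followed by service kills, or a burst of `.akira` renames, is treated as an active encryption run that warrants isolating the host.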
Spreads through:
● The ransomware is typically spread through spear-phishing emails carrying malicious attachments packed as archive (zip/rar) files.
● Other infection methods include drive-by downloads, in which simply visiting a compromised or malicious web page downloads malicious code onto the device without the user intending it, and specially crafted web links in emails that download malicious code when clicked.
● The ransomware reportedly also spreads through insecure Remote Desktop (RDP) connections.
Who does Akira ransomware target?
● In use since March 2023, the ransomware has steadily built up a list of victims, targeting corporate networks in various domains including education, finance, real estate, manufacturing and consulting. Once it breaches a corporate network, the operators obtain Windows domain admin credentials and use them to spread the ransomware laterally to other devices.
● The threat actors also steal sensitive corporate data for leverage in their extortion attempts.
What can users do to protect against Akira attacks?
● Maintain up-to-date offline backups.
● Keep operating systems and network devices patched regularly, with virtual patching for legacy systems that cannot be updated.
● Set up Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) records to validate organisational email and make sender spoofing harder.
● Strong password policies.
● Strong multi-factor authentication, including on VPN and remote-access services.
● Strict external device usage policy.
● Data-at-rest and data-in-transit encryption.
● Block attachment file types such as .exe, .pif and .url at the email gateway, including when they arrive inside archives.
● Avoid clicking on suspicious links, which can trigger downloads of malicious code.
● Conduct regular security audits of systems, especially database servers.
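The "Spreads through" section says the phishing attachments arrive as zip/rar archives, and the mitigation list says to block executable attachment types; a gateway rule that only looks at the outer file name satisfies the second without addressing the first. The check below is an added example, not code from the alert or from any gateway product: it opens zip attachments, inspects their members (including nested zips), treats double extensions such as `invoice.pdf.exe` as executables, and refuses encrypted members it cannot inspect. The block list is the page's `.exe`, `.pif` and `.url` plus a few assumed common script types, quarantining `.rar` files (which the standard library cannot open) is an assumed policy, and every sample attachment is constructed in the block.

```python
"""Added example (not part of the CERT-In alert): an attachment policy check of
the kind a mail gateway would apply.  It looks inside zip archives so an
executable hidden in a .zip is still caught, and it judges a file by its final
extension so "invoice.pdf.exe" counts as an executable.  The extension list,
the .rar quarantine rule and all sample attachments are assumptions."""
import io
import zipfile

# The page's .exe/.pif/.url plus assumed common script and shortcut types.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".url", ".scr", ".js", ".vbs",
                      ".bat", ".cmd", ".ps1", ".hta", ".lnk"}
MAX_NESTING = 3  # assumed limit on archives-within-archives


def extension_of(filename):
    """Final extension of the base name, lower-cased; trailing dots are ignored
    because Windows drops them, so 'a.exe.' still opens as an executable."""
    base = filename.lower().strip().rstrip(".").rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:] if dot > 0 else ""


def is_blocked_name(filename):
    return extension_of(filename) in BLOCKED_EXTENSIONS


def inspect_attachment(filename, data, depth=0):
    """Return a list of (path, reason) findings; an empty list means the attachment is allowed."""
    findings = []
    if is_blocked_name(filename):
        return [(filename, "blocked extension")]
    ext = extension_of(filename)
    if ext == ".rar":
        # Assumed policy: cannot be inspected with the standard library, so hold it.
        return [(filename, "rar archive: quarantine for manual review")]
    if ext == ".zip":
        if depth >= MAX_NESTING:
            return [(filename, "nested archive too deep")]
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.flag_bits & 0x1:  # bit 0: member is encrypted
                        findings.append((f"{filename}/{info.filename}",
                                         "encrypted archive member"))
                        continue
                    inner = zf.read(info.filename)
                    for path, reason in inspect_attachment(info.filename, inner, depth + 1):
                        findings.append((f"{filename}/{path}", reason))
        except zipfile.BadZipFile:
            findings.append((filename, "corrupt or not a zip"))
    return findings


def gateway_decision(filename, data):
    """('allow' | 'block', findings) for one attachment."""
    findings = inspect_attachment(filename, data)
    return ("block" if findings else "allow"), findings


def build_samples():
    """Constructed attachments for the demo; none contain real malware."""
    def make_zip(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, content in members.items():
                zf.writestr(name, content)
        return buf.getvalue()

    inner = make_zip({"payload.exe": b"MZ stub, not a real binary"})
    return {
        "invoice.zip": make_zip({"invoice.pdf.exe": b"MZ stub", "readme.txt": b"hello"}),
        "quarterly.zip": make_zip({"q1.xlsx": b"xlsx bytes", "notes.docx": b"docx bytes"}),
        "scan.pdf.exe": b"MZ stub",
        "nested.zip": make_zip({"inner.zip": inner}),
        "photos.rar": b"Rar!\x1a\x07\x00",
        "report.pdf": b"%PDF-1.4",
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        decision, why = gateway_decision(name, data)
        print(f"{name}: {decision} {why}")
```

Two design points matter here. Blocking on the outer extension alone would pass `invoice.zip` straight through, which is exactly the delivery the page describes; and an encrypted member is blocked rather than allowed, because an archive the gateway cannot open is also one that the antivirus behind it cannot scan.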