Published on: August 3, 2023

Akira Ransomware

Akira Ransomware

Why in news?  The Computer Emergency Response Team of India issued an alert for “Akira.”


  • Kind of Ransomware (Malware used to gain unauthorised access to systems to steal data)
  • Gets its name due to its ability to modify filenames of all encrypted files by appending them with the “.akira” extension
  • Targets computer systems that run on Windows and Linux operating systems and is known to spread laterally across networks
  • Uses a double-extortion technique to exfiltrate and encrypt data to increase the chances of extracting money from its victims

How does Akira work?

  • Designed to close processes or shut down Windows services that may keep it from encrypting files on the affected system
  • Steals personal data, encrypts it and then demands ransom from the victims
  • Uses VPN services to trick users into downloading malicious files
  • Terminates active Windows services using the Windows Restart Manager API, preventing any interference with the encryption process
  • Does not encrypt Program Data, Recycle Bin, Boot, System Volume information, and other folders instrumental in system stability
  • Avoids modifying Windows system files with extensions like.syn. .msl and .exe.
  • Once sensitive data is stolen and encrypted, the ransomware leaves behind a note named akira_readme.txt which includes information about the attack and the link to Akira’s leak and negotiation site
  • Each victim is given a unique negotiation password to be entered into the threat actor’s Tor site.
  • Unlike other ransomware operations, this negotiation site just includes a chat system that the victim can use to communicate with the ransomware gang

How it spreads

  • Typically spread through spear phishing emails that contain malicious attachments in the form of archived content files
  • Other methods include drive-by-download, a cyber-attack that unintentionally downloads malicious code onto a device, and specially crafted web links in emails and also through clicking on downloads malicious code.

What can users do to protect against ransomware?

  • Conduct regular backup practices
  • Secure backup offline or on other networks
  • Turn up automatic software updates
  • Refrain from opening suspicious links, and email attachments without checking their authenticity