Published on: August 3, 2023

Akira Ransomware

Why in news? The Computer Emergency Response Team of India (CERT-In) issued an alert for “Akira.”

AKIRA

  • A kind of ransomware (malware that gains unauthorised access to systems, steals data and holds it to ransom)
  • Gets its name from its habit of renaming every encrypted file by appending the “.akira” extension to it
  • Targets computer systems that run on Windows and Linux operating systems and is known to spread laterally across networks
  • Uses a double-extortion technique to exfiltrate and encrypt data to increase the chances of extracting money from its victims

How does Akira work?

  • Designed to close processes or shut down Windows services that may keep it from encrypting files on the affected system
  • Steals personal data, encrypts it and then demands ransom from the victims
  • Uses VPN services to trick users into downloading malicious files
  • Terminates active Windows services using the Windows Restart Manager API, preventing any interference with the encryption process
  • Does not encrypt Program Data, Recycle Bin, Boot, System Volume Information and other folders instrumental in system stability
  • Avoids modifying Windows system files with extensions such as .sys, .msi and .exe
  • Once sensitive data is stolen and encrypted, the ransomware leaves behind a note named akira_readme.txt which includes information about the attack and the link to Akira’s leak and negotiation site
  • Each victim is given a unique negotiation password to be entered into the threat actor’s Tor site
  • Unlike other ransomware operations, this negotiation site just includes a chat system that the victim can use to communicate with the ransomware gang
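The behaviours listed above give defenders two cheap file-system indicators: a burst of renames that append “.akira”, followed by the creation of akira_readme.txt. The script below is an added illustration, not code from CERT-In or from the article; it runs a sliding-window heuristic over a small set of constructed file-event lines (the “timestamp host action detail” format is an assumption made for the example, not any product’s log format) and reports a host once it sees five such renames inside sixty seconds or a ransom note being dropped.

```python
"""Heuristic detection of Akira-style encryption activity in file-event logs.

Indicators come from the CERT-In description: encrypted files gain the
".akira" extension and a note named akira_readme.txt is left behind.
Log format and sample events are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

AKIRA_EXT = ".akira"              # extension appended to encrypted files
RANSOM_NOTE = "akira_readme.txt"  # note dropped once encryption is done

# Constructed sample telemetry (not real data): "<ISO timestamp> <host> <action> <detail>"
SAMPLE_LOG = """\
2023-08-03T10:00:00 WS01 RENAME C:\\Users\\alice\\Docs\\budget.xlsx -> C:\\Users\\alice\\Docs\\budget.xlsx.akira
2023-08-03T10:00:02 WS01 RENAME C:\\Users\\alice\\Docs\\notes.docx -> C:\\Users\\alice\\Docs\\notes.docx.akira
2023-08-03T10:00:03 WS01 RENAME C:\\Users\\alice\\Docs\\plan.pdf -> C:\\Users\\alice\\Docs\\plan.pdf.akira
2023-08-03T10:00:05 WS01 RENAME C:\\Shares\\finance\\ledger.db -> C:\\Shares\\finance\\ledger.db.akira
2023-08-03T10:00:06 WS01 RENAME C:\\Shares\\finance\\payroll.csv -> C:\\Shares\\finance\\payroll.csv.akira
2023-08-03T10:00:09 WS01 CREATE C:\\Users\\alice\\Docs\\akira_readme.txt
2023-08-03T10:05:00 WS02 RENAME C:\\Users\\bob\\draft.txt -> C:\\Users\\bob\\final.txt
2023-08-03T10:06:00 WS02 CREATE C:\\Users\\bob\\report.docx
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(RENAME|CREATE)\s+(.+)$")


def parse_events(text):
    """Turn log lines into dicts with ts/host/action/src/dst; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts, host, action, detail = match.groups()
        if action == "RENAME":
            src, _, dst = detail.partition(" -> ")
        else:
            src, dst = None, detail
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "action": action, "src": src, "dst": dst})
    return events


def basename(path):
    """Last path component, accepting either Windows or POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def detect_akira_activity(events, threshold=5, window=timedelta(seconds=60)):
    """Return {host: [alert, ...]} for hosts showing Akira indicators.

    A rename burst alert fires once per host when `threshold` renames to
    ".akira" land inside `window`; a note alert fires for each ransom note.
    """
    alerts = defaultdict(list)
    recent = defaultdict(deque)   # host -> timestamps of recent .akira renames
    burst_reported = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        host, dst = ev["host"], ev["dst"].lower()
        if ev["action"] == "RENAME" and dst.endswith(AKIRA_EXT):
            queue = recent[host]
            queue.append(ev["ts"])
            while queue and ev["ts"] - queue[0] > window:   # drop events outside the window
                queue.popleft()
            if len(queue) >= threshold and host not in burst_reported:
                alerts[host].append(
                    f"{len(queue)} files renamed to {AKIRA_EXT} within "
                    f"{int(window.total_seconds())}s (encryption burst)")
                burst_reported.add(host)
        elif ev["action"] == "CREATE" and basename(dst) == RANSOM_NOTE:
            alerts[host].append(f"ransom note dropped: {ev['dst']}")
    return dict(alerts)


if __name__ == "__main__":
    for host, host_alerts in detect_akira_activity(parse_events(SAMPLE_LOG)).items():
        for alert in host_alerts:
            print(f"[{host}] {alert}")
```

On the constructed sample, WS01 trips both the rename-burst and the ransom-note checks while WS02’s ordinary rename stays silent. The threshold and window are tuning knobs: a lower threshold catches encryption earlier but raises the chance of flagging legitimate bulk renames, so in practice they are set against a baseline of normal file activity on the monitored shares.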

How it spreads

  • Typically spread through spear phishing emails that contain malicious attachments in the form of archived content files
  • Other methods include drive-by downloads (where visiting a compromised or malicious site silently downloads malicious code onto a device) and specially crafted web links in emails that, when clicked, download malicious code

What can users do to protect against ransomware?

  • Conduct regular backups
  • Keep backups offline or on a separate network so the ransomware cannot reach them
  • Turn on automatic software updates
  • Refrain from opening suspicious links and email attachments without verifying their authenticity