Akira Ransomware Overview
- Akira is a recently emerged ransomware family causing significant concern; it targets both Windows and Linux-based systems.
- The attackers behind Akira first steal sensitive data from their victims and then encrypt the data on the victims' systems.
- Double extortion tactics are employed to coerce victims into paying the ransom.
- If the victim refuses to pay, the attackers will publish the stolen data on their dark web blog.
Attack Techniques and Tools
- Akira’s operators gain initial access through VPN services, particularly accounts on which multi-factor authentication has not been enabled.
- Tools such as AnyDesk, WinRAR, and PCHunter are used during their intrusions, often without the victim noticing.
- Akira deletes Windows Shadow Volume Copies before encrypting files, so that local restore points cannot be used for recovery.
- Each encrypted file’s name is appended with a ‘.akira’ extension.
- The ransomware uses the Windows Restart Manager API to stop active Windows services and processes that hold files open, so they cannot interfere with the encryption process.
- Files across the hard drive are encrypted, with the exception of the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
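The behaviours above (shadow-copy deletion followed by mass renaming to the ‘.akira’ extension) are what a defender would look for in endpoint telemetry. The following is an added example, not code from the original page or from any Akira analysis: a small detector run over constructed process-creation and file-operation events. The event format (`proc|<image>|<cmdline>`, `file|<op>|<path>`), the sample lines, and the rename threshold are assumptions made for illustration; the shadow-copy command-line patterns are the ones commonly used in detection rules.

```python
"""Toy detector for Akira-style indicators over constructed endpoint events."""
import re

# Constructed sample telemetry (not real logs). Format is an assumption:
#   proc|<image path>|<command line>
#   file|<operation>|<path>
SAMPLE_EVENTS = [
    "proc|C:\\Windows\\System32\\svchost.exe|svchost.exe -k netsvcs",
    "proc|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe delete shadows /all /quiet",
    "file|rename|C:\\Users\\alice\\Documents\\q3.xlsx.akira",
    "file|rename|C:\\Users\\alice\\Documents\\plan.docx.akira",
    "file|rename|C:\\Users\\alice\\Pictures\\cat.jpg.akira",
    "file|rename|C:\\ProgramData\\app\\cache.db",   # excluded folder, left alone
    "file|write|C:\\Users\\alice\\Desktop\\notes.txt",
]

# Command lines commonly monitored for shadow-copy removal (defensive rule).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# Encrypted files get the '.akira' extension appended.
AKIRA_EXT = re.compile(r"\.akira$", re.I)
RENAME_THRESHOLD = 3  # illustrative; tune to the environment's baseline


def parse_event(line):
    """Split one constructed event line into a small dict."""
    kind, first, rest = line.split("|", 2)
    if kind == "proc":
        return {"kind": "proc", "image": first, "cmdline": rest}
    return {"kind": "file", "op": first, "path": rest}


def detect(lines, threshold=RENAME_THRESHOLD):
    """Return a dict of findings; an empty dict means nothing suspicious."""
    findings = {}
    akira_files = []
    for ev in map(parse_event, lines):
        if ev["kind"] == "proc" and SHADOW_DELETE.search(ev["cmdline"]):
            findings["shadow_copy_deletion"] = ev["cmdline"]
        elif ev["kind"] == "file" and ev["op"] == "rename" and AKIRA_EXT.search(ev["path"]):
            akira_files.append(ev["path"])
    # A burst of renames to '.akira' is the encryption phase itself.
    if len(akira_files) >= threshold:
        findings["akira_extension_renames"] = akira_files
    return findings


if __name__ == "__main__":
    for name, value in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {name}: {value}")
```

Either finding on its own warrants investigation; shadow-copy deletion typically precedes the renames, so alerting on it gives the earliest warning.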
Protective Measures
- Maintain offline backups of critical data to avoid data loss in case of infection.
- Regularly update operating systems and applications to stay protected against vulnerabilities.
- Consider employing virtual patching to protect legacy systems and networks from attackers exploiting outdated software.
- Implement strong password policies and use multi-factor authentication (MFA) to enhance security.
- Always apply updates and patches from official channels only.
Being proactive in adopting these practices can help individuals and organizations stay resilient against the Akira ransomware threat.