Free Courses Sale ends Soon, Get It Now


AKIRA RANSOMWARE

1st August, 2023

Disclaimer: Copyright infringement not intended.

Context

  • The Computer Emergency Response Team of India issued an alert for ransomware dubbed “Akira.”

 READ:

MALWARE AND ITS TYPES: https://www.iasgyan.in/blogs/malwares-and-its-types

Akira Ransomware

About

  • Akira is a type of ransomware, found to target both Windows and Linux devices.
  • It steals and encrypts data, forcing victims to pay double ransom for decryption and recovery.

Ransomware

Ransomware encrypts files or devices and forces victims to pay a ransom in exchange for re-entry. While ransomware and malware are often used synonymously, ransomware is a specific form of malware.

There are four main types of ransomware:

1.Locker ransomware completely locks users out of their devices.

2.Crypto ransomware encrypts all or some files on a device.

3.Double extortion ransomware encrypts and exports users' files. This way, attackers can receive payment from the ransom and/or the selling of the stolen data.

4.Ransomware as a service enables affiliates, or customers, to rent ransomware. A percentage of each ransom is paid to the ransomware developer.

Victims

  • The group behind the ransomware has already targeted multiple victims, mainly those located in the U.S., and has an active Akira ransomware leak site with information, including their most recent data leaks.

The name- Akira

  • The ransomware gets its name due to its ability to modify filenames of all encrypted files by appending them with the “.akira” extension.

Working

  • The ransomware is designed to close processes or shut down Windows services that may keep it from encrypting files on the affected system.
  • It uses VPN services, especially when users have not enabled two-factor authentication, to trick users into downloading malicious files.
  • As mentioned above, the ransomware deletes the Windows Shadow Volume copies on the affected device. These files are instrumental in ensuring that organizations can back up data used in their applications for day-to-day functioning.
  • VSS services facilitate communication between different components without the need to take them offline, thereby ensuring data is backed up while it is also available for other functions.
  • Once the ransomware deletes the VSS files it proceeds to encrypt files with the pre-defined “.akira” extension.
  • The ransomware also terminates active Windows services using the Windows Restart Manager API, preventing any interference with the encryption process.
  • It is designed to not encrypt Program Data, Recycle Bin, Boot, System Volume information, and other folders instrumental in system stability. It also avoids modifying Windows system files with extensions like .syn. .msl and .exe.
  • Once the ransomware infects a device and steals/encrypts sensitive data, the group behind the attack extorts the victims into paying a ransom, threatening to release the data on their dark web blog if their demands are not met.
  • But how? Once sensitive data is stolen and encrypted, the ransomware leaves behind a note named akira_readme.txt which includes information about the attack and the link to Akira’s leak and negotiation site.
  • Each victim is given a unique negotiation password to be entered into the threat actor’s Tor site.
  • Unlike other ransomware operations, this negotiation site just includes a chat system that the victim can use to communicate with the ransomware gang.

READ:

MALWARE AND ITS TYPES:

 https://www.iasgyan.in/blogs/malwares-and-its-types

ARTICLES ON CYBERSECURITY:

https://www.iasgyan.in/daily-current-affairs/cyber-security-13

https://www.iasgyan.in/daily-current-affairs/cybersecurity-43-29

NATIONAL CYBER SECURITY STRATEGY:

https://iasgyan.in/daily-current-affairs/national-cyber-security-strategy

DELHI DECLARATION ON CYBER SECURITY:

https://www.iasgyan.in/daily-current-affairs/delhi-declaration-on-cybersecurity

DDOS ATTACK:

https://www.iasgyan.in/daily-current-affairs/distributed-denial-of-service-ddos-attack

Indian Computer Emergency Response Team (CERT-IN)

  • CERT-IN is a part of the Indian government's Ministry of Electronics and Information Technology.
  • It is the central organisation for handling risks to cyber security including hacking and phishing. It strengthens the Indian Internet domain's security-related defence.
  • CERT-IN has overlapping responsibilities with other agencies such as;
    • National Critical Information Infrastructure Protection Centre (NCIIPC) which is under the National Technical Research Organisation (NTRO) that comes under the Prime Minister's Office
    • The National Disaster Management Authority (NDMA) is under the Ministry of Home Affairs.
  • The Ministry of Communications and Information Technology established CERT-IN in 2004 under Information Technology Act, 2000 Section (70B).

PRACTICE QUESTION

Q. India’s impressive progress in digitization is certainly revolutionizing how citizens and other State entities conduct their affairs. But the nation’s growing reliance on cyberspace has highlighted its promises and perils. India’s vulnerability in the cyber domain has, for a long, been recognized as a national security issue and hence India needs a National Cybersecurity Strategy. Justify.

https://www.thehindu.com/sci-tech/technology/what-is-the-akira-ransomware/article67134462.ece