CERT-In warns of ‘Akira’ ransomware attacks.

The nation’s official cyber security agency has issued a new advisory warning of an Internet ransomware named “Akira,” which steals crucial personal information and encrypts data to extort money from victims. According to the advisory, the ransomware targets Windows and Linux-based systems.

Akira, a recently discovered ransomware operation, is reportedly active online. The group first steals the victim’s information and then encrypts the data on their systems, using this double extortion to coerce the victim into paying the ransom.

In a recent warning to Internet users, the Indian Computer Emergency Response Team (CERT-In) stated that “in case the victim does not pay, they release their victim’s data on their dark web blog.” CERT-In serves as the primary technological defence against cyberattacks and protects internet targets from phishing, hacking, and other similar attacks.

It stated that the ransomware group is “known to access victim environments via VPN (virtual private network) services, particularly where users have not enabled multi-factor authentication.”

Ransomware is malware that infects users’ systems and prevents them from accessing their own data, with the option to restore access for a fee. According to the advisory, this ransomware group has also used tools such as AnyDesk, WinRAR, and PCHunter during intrusions. It added that because these tools are frequently present in the victim’s environment, their use usually goes unnoticed.

Describing the technical details of the infection, the advisory stated that “Akira” deletes the Windows Shadow Volume Copies on the targeted device. The ransomware then encrypts files with a predefined set of extensions, and a ‘.akira’ extension is appended to the name of each encrypted file during this process, it stated.
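The behaviours the advisory lists (shadow copy deletion, files renamed with the ‘.akira’ extension, and use of AnyDesk, WinRAR or PCHunter) can be correlated per host when triaging endpoint logs. The following Python code is an added example, not part of the CERT-In advisory; the event format, the shadow-copy command patterns and the rename threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Common shadow-copy deletion commands (assumption: the advisory names no method).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*(remove-wmiobject|remove-ciminstance|\.delete\(\))",
    re.IGNORECASE)
# Tools the advisory says were used; often legitimately installed, so context only.
DUAL_USE = re.compile(r"\b(anydesk|winrar|pchunter)", re.IGNORECASE)
RENAME_THRESHOLD = 3  # assumed cut-off for a burst of '.akira' renames on one host

def triage(events):
    """Group events by host and grade each host: critical, high, review or none."""
    hosts = defaultdict(lambda: {"shadow_delete": False, "akira_renames": 0, "tools": set()})
    for ev in events:
        h = hosts[ev["host"]]
        if ev["type"] == "process":
            if SHADOW_DELETE.search(ev["cmdline"]):
                h["shadow_delete"] = True
            m = DUAL_USE.search(ev["cmdline"])
            if m:
                h["tools"].add(m.group(1).lower())
        elif ev["type"] == "file_rename" and ev["new_path"].lower().endswith(".akira"):
            h["akira_renames"] += 1
    for h in hosts.values():
        burst = h["akira_renames"] >= RENAME_THRESHOLD
        # Both signals together match the sequence described in the advisory.
        h["severity"] = ("critical" if burst and h["shadow_delete"] else
                         "high" if burst or h["shadow_delete"] else
                         "review" if h["tools"] else "none")
    return dict(hosts)

# Constructed sample events (hypothetical format, not from the advisory or a real incident).
SAMPLE = [
    {"host": "ws01", "type": "process", "cmdline": r"C:\Tools\PCHunter64.exe"},
    {"host": "ws01", "type": "process",
     "cmdline": 'powershell -c "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"'},
    {"host": "ws02", "type": "process",
     "cmdline": r"C:\Program Files\WinRAR\WinRAR.exe a backup.rar docs"},
    {"host": "ws03", "type": "file_rename", "new_path": r"D:\notes\akira.txt"},
]
SAMPLE += [{"host": "ws01", "type": "file_rename",
            "new_path": rf"C:\Users\a\doc{i}.xlsx.akira"} for i in range(4)]

if __name__ == "__main__":
    for host, finding in sorted(triage(SAMPLE).items()):
        print(host, finding["severity"], finding["akira_renames"], sorted(finding["tools"]))
```

A dual-use tool on its own only rates "review", since the advisory notes these programs are frequently present in the victim’s environment.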

During the encryption stage, the ransomware uses the Windows Restart Manager API to stop running Windows services. According to the advisory, this step prevents any interference with the encryption process. The advisory also suggested routine operating system and application updates as well as the possibility of “virtual patching” as a defence for older networks and devices.

This precaution keeps cybercriminals from easily gaining access to a machine through vulnerabilities in out-of-date software and programs, according to the advisory.

Among other ways to thwart cyber and ransomware attacks, it advised users to enforce strong password policies, use multi-factor authentication (MFA), avoid installing updates or patches from any unauthorised source, and more.

 
