Government warns internet users about “AKIRA” ransomware; Hackers using AnyDesk, WinRAR, PCHunter

The Indian Computer Emergency Response Team (CERT-In) has issued an alert about a new Internet ransomware virus dubbed “Akira” that is causing major concern. This malware targets both Windows- and Linux-based systems.

According to a PTI report, the attackers behind Akira first steal vital personal information from their victims and then encrypt the data on their systems. To force victims to pay the ransom, they employ dual blackmail tactics.

According to CERT-In’s latest recommendation, if the victim refuses to pay the ransom, the attackers will publish the stolen data on their dark web blog. The agency emphasizes that Akira operators are known for exploiting VPN services, especially when users do not have multi-factor authentication enabled. The ransomware group was found to use tools like AnyDesk, WinRAR, and PCHunter in its intrusions, which often went unnoticed by the victims.

Akira Ransomware

The technical details of the virus reveal that “Akira” deletes Windows Shadow Volume Copies on the target device before encrypting files. During this encryption process, the “.akira” extension is appended to the name of each encrypted file. Additionally, the ransomware terminates running Windows services using the Windows Restart Manager API to prevent interference with the encryption process. Files in various hard drive folders except the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders are encrypted.
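The “.akira” extension and the skipped folders described above can be turned into a simple detection rule. The following is an added example, not code from CERT-In or from the original article: it flags a host when many files are renamed to “name.akira” within a short window. The event format, host names, window, threshold and the on-disk folder spelling "$Recycle.Bin" are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Top-level folders the alert says are left unencrypted. The on-disk
# spelling "$Recycle.Bin" for the Recycle Bin is an assumption here.
SKIPPED = {"programdata", "$recycle.bin", "boot",
           "system volume information", "windows"}

def is_akira_rename(old, new):
    """True when the new name is the old name with '.akira' appended."""
    return new.lower() == old.lower() + ".akira"

def top_folder(path):
    """First path component after the drive, lower-cased."""
    parts = PureWindowsPath(path).parts
    return parts[1].lower() if len(parts) > 1 else ""

def detect_bursts(events, window=timedelta(seconds=60), threshold=5):
    """Return {host: time of the rename that crossed the threshold}.

    window and threshold are illustrative values, not from the alert.
    """
    recent, alerts = defaultdict(deque), {}
    for ts, host, old, new in sorted(events):
        # Renames inside folders the alert lists as skipped do not match
        # the described behaviour, so they do not count toward a burst.
        if not is_akira_rename(old, new) or top_folder(new) in SKIPPED:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:      # drop renames outside the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

def sample_events():
    """Constructed file-rename telemetry: (time, host, old, new)."""
    t0 = datetime(2023, 7, 24, 10, 0, 0)
    events = []
    for i in range(6):   # WS-01: six documents renamed in ten seconds
        p = f"C:\\Users\\alice\\Documents\\report{i}.docx"
        events.append((t0 + timedelta(seconds=2 * i), "WS-01", p, p + ".akira"))
    # WS-02: a single .akira file and an ordinary rename, below threshold
    events.append((t0, "WS-02", "D:\\share\\notes.txt", "D:\\share\\notes.txt.akira"))
    events.append((t0 + timedelta(seconds=5), "WS-02", "D:\\share\\a.txt", "D:\\share\\b.txt"))
    return events
```

On the constructed sample, only WS-01 is flagged, at the fifth rename; in practice the events would come from endpoint or file-server audit telemetry.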

Amit Jaju, Senior Managing Director of Ankura Consulting Group (India), sums it up: “The threat of ransomware is increasing. The Akira ransomware attack is a stark reminder of the escalating cybersecurity threat landscape. It’s no longer just about data theft; ransomware attacks like these are a form of digital hostage holding of critical data for ransom, disrupting businesses and even governments.”

Jaju also explains the strategy used by the hackers here, saying, “This is where the double blackmail tactic comes into play. Akira employs a double blackmail tactic that is becoming increasingly common among cybercriminals.”

What you can do

CERT-In recommends that Internet users follow basic online hygiene and protection protocols to protect themselves from such attacks. It is highly recommended to take offline backups of critical data to avoid data loss in case of infection. Regularly updating operating systems and applications is also critical, and virtual patches can be used to protect legacy systems and networks from cybercriminals exploiting vulnerabilities in outdated software.

Strong passwords and MFA

In addition, the report emphasized the importance of strong password policies and multi-factor authentication (MFA) to improve security. Users should avoid applying updates or patches from unofficial channels and take other necessary measures to counter cyber and ransomware attacks. Proactively implementing these practices can help individuals and organizations defend themselves against the Akira ransomware threat.