CERT-In Cautions Internet Users Against Ransomware ‘Akira’ Attack

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about a new internet ransomware virus named ‘Akira.’ This malicious software is designed to steal sensitive personal information from users and encrypt their data, making it inaccessible to the victims. The attackers then demand a ransom in exchange for unlocking the encrypted data and restoring access.

More About the Ransomware Akira Attack

• A dangerous computer virus called ‘Akira’ is causing trouble for both Windows and Linux systems.
• The attackers use a sneaky tactic – they first steal important information from their victims and then lock up their data, making it impossible for them to access.
• To make matters worse, they demand money from the victims to unlock their data. If the victims refuse to pay, the attackers threaten to publish their stolen data on the dark web.
• The attackers are cleverly using VPN services to get into their victims’ systems, especially when multi-factor authentication is not in place.
• They also use some regular tools like AnyDesk, WinRAR, and PCHunter to carry out their attacks. Unfortunately, the victims often don’t notice the misuse of these tools in their systems.

Infection Mechanism

• The Akira ransomware starts its attack by running a program.
• Once it starts, it deletes the Windows Shadow Volume Copies on the computer to cover its tracks. Then, it goes on to encrypt files with specific extensions.
• Each encrypted file gets a new ‘.akira’ extension added to its name.
• During the encryption process, the ransomware makes sure to avoid any interruptions by stopping certain active Windows services using a special API called the Windows Restart Manager. This ensures a smooth encryption process.
• It targets various folders on the hard drive but skips important system files in the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
• The ransomware avoids modifying crucial Windows system files with extensions like .sys, .msi, .dll, .lnk, and .exe to keep the computer stable.

How to Protect from This Ransomware?

To protect your data and systems from ransomware attacks, it is important to follow these cybersecurity best practices:

• Regularly back up critical data and keep offline backups: This ensures that even if your system is infected with ransomware, you can restore your data from backups without paying the ransom.
• Keep operating systems and applications updated: Regularly update your software to patch security vulnerabilities and prevent cybercriminals from exploiting them.
• Test backup restoration: Periodically test your backup restoration process to ensure that your backups are functioning correctly and your data can be restored successfully.
• Implement email authentication systems: Use DMARC, DKIM, and SPF to prevent email spoofing and reduce the chances of ransomware reaching your corporate email boxes.
• Enforce strong password policies and use multi-factor authentication: Secure your systems by requiring strong passwords and enabling multi-factor authentication for added security.
• Avoid unofficial channels for updates: Only apply updates and patches from official and trusted sources to avoid malware infections.
• Control external device usage: Implement a strict policy for the usage of external devices like USB drives to prevent malware infections.
• Use data encryption: Employ data-at-rest and data-in-transit encryption to safeguard sensitive information from unauthorized access.
• Utilize anti-exploitation tools: Consider installing anti-exploitation tools like the Enhanced Mitigation Experience Toolkit to protect against known and unknown threats.
• Block certain file attachments: Restrict the attachment of specific file types that are commonly used to spread malware.
• Conduct vulnerability assessments and audits: Regularly assess your network’s vulnerabilities and conduct security audits to identify and fix potential weaknesses.

For more detailed recommendations, you can refer to the “Best Practices and Remedial Measures” on the CERT-IN website.

About The Indian Computer Emergency Response Team (CERT-In)

The Indian Computer Emergency Response Team (CERT-In) is a nodal agency under the Ministry of Electronics and Information Technology (MeitY) of the Government of India. It was established in 2004 to deal with cybersecurity threats and incidents.

Key Responsibilities

• Incident response: CERT-In monitors the Indian Internet domain for cyber security threats and incidents. If it detects a threat or incident, it will work with affected organizations to respond to it.
• Awareness and training: CERT-In also works to raise awareness of cyber security threats and incidents among Indian citizens and organizations. It provides training on cyber security to government agencies, businesses, and individuals.
• Research and development: CERT-In also conducts research and development in the area of cyber security. It develops tools and techniques to help organizations prevent and respond to cyber security threats.

CERT-In is a valuable resource for organizations and individuals in India that are concerned about cyber security. If you are ever the victim of a cyber security attack, you should contact CERT-In for assistance.

• 3 August Current Affairs 2023 in English
• MoU Between Subroto Mukerjee Sports and Education Society and All India Football Federation (AIFF) to Promote Football at Grassroot Level
• Dr. Mansukh Mandaviya Delivers Keynote Address at the 13th Indian Organ Donation Day ceremony
• Education Ministry Forms Expert Panel on Anti-Discrimination in Higher Education
• Concerns Arise Over Cheetah Deaths at Kuno National Park

FAQs