Recent technology and cyberspace reports describe a new attack on computer users that aims to extract money from them. Attacks of this type are commonly labelled ‘ransomware attacks’: the attack targets a machine and then encrypts the data on it completely, so that the user loses all control over the files and folders on the system.
To return the system to normal, the attackers send a message that mainly explains the next step: how to pay them the ransom. In past attacks these messages have served as warnings that users who fail to pay the full ransom amount will lose their files and folders, including the data in them. In recent years new attacks of this kind have kept appearing on user machines, and there are various steps users must take on their end to stay safe.
‘Akira’ Ransomware Attack Overview
This is a recent attack that has drawn the attention of cyberspace enthusiasts because of its widespread reach, as reported by users everywhere. Various articles and reports have termed this recently discovered ransomware “Akira”, and news reports say the operation is now active against users of all ages and locations. The attackers who deliver ‘Akira’ to user machines are reported to be a group that first steals information from the targeted machines and then moves on to encrypt the data that was stolen.
The data stays on the attacked system, but the user who owns the system loses all access to the files and folders on it. The attackers leave the affected data on the system in encrypted form for this purpose. They then perform double extortion, which, as reported, is done to pressure the targeted user into paying the group the complete ransom sum demanded in their message. Recent news reports suggest that ‘Akira’ has been targeting Windows systems and Linux-based systems.
‘Akira’ Ransomware Attack Reports
Recent reports released to warn Indian users of Windows and Linux state that a new internet ransomware virus, ‘Akira’, has been widely reported in cyberspace and has affected multiple users so far. The virus is known to steal vital information from the system and encrypt it; this is then used for extortion, forcing users to pay the ransom if they want their data back. This information was reportedly posted officially by a federal Indian cyber security agency.
The report adds that if the victim does not pay the ransom, the attackers release the data on their numerous and inaccessible dark web blogs. The report was released as a warning to Indian users by the cyber security agency known as the ‘Indian Computer Emergency Response Team’, or CERT-In. The advisory also states that ‘Akira’ affects systems running either Windows or Linux-based operating systems.
CERT-In Background & Advisory
According to the most recent advisory, CERT-In has cautioned all Indian users about the new ‘Akira’ ransomware attack. The warning was issued by the ‘Indian Computer Emergency Response Team’, widely referred to as CERT-In. The agency is the central technological arm that helps counter cyber attacks such as phishing and ransomware. It also revealed that the attack gains access to victim environments via VPN services, especially where users have not enabled 2-step authentication.
The advisory also advises users to follow basic safe-browsing and online protection measures to stay safe against attacks like these. It recommends keeping offline backups at all times so that data loss does not occur easily. As further steps, it says all applications must be kept updated and “virtual patching” must be applied to protect networks.
How ‘Akira’ Ransomware Attack Works
According to the latest advisory, the attackers have also used tools such as AnyDesk, PC Hunter and WinRAR, among others, since these tools are present on the target machine and can easily be misused. During the intrusion, the malware deletes the Windows Shadow Volume Copies from the system to enable encryption. The encryption reportedly covers files with a predefined set of extensions, and a “.akira” extension appears to be added to the names of the affected files.
After the encryption, the attack halts all active services running on Windows (if the system is running Windows). It does this using the “Windows Restart Manager API”, so that the encryption can continue. The affected files were found to be stored in folders other than Recycle Bin, Program Data Folder, System Volume Info, Boot, etc.
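The behaviours described in this section (shadow copy deletion, the “.akira” extension on affected files, and the dual-use tools named in the advisory) can be correlated per host in endpoint telemetry. The following Python code is an added example, not part of the CERT-In advisory or this article's sources. The event format, host names and paths are constructed, and the shadow-copy deletion command patterns are assumed common forms, since the article names no specific command.

```python
import re
from collections import defaultdict

# Common shadow-copy deletion command forms (assumed; the page names no command).
SHADOW_DELETE = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*(remove-wmiobject|remove-ciminstance)", re.I),
]
# Dual-use tools named on the page; common on clean hosts, so weak on their own.
DUAL_USE = ("anydesk", "pchunter", "winrar")


def triage(events, rename_threshold=3):
    """Return {host: sorted indicator names} for hosts that warrant escalation."""
    hits = defaultdict(set)
    renames = defaultdict(int)
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process":
            if any(p.search(ev["command_line"]) for p in SHADOW_DELETE):
                hits[host].add("shadow_copy_deletion")
            exe = ev["image"].lower().rsplit("\\", 1)[-1]
            if any(tool in exe for tool in DUAL_USE):
                hits[host].add("dual_use_tool")
        elif ev["type"] == "file_rename" and ev["new_name"].lower().endswith(".akira"):
            renames[host] += 1
    for host, count in renames.items():
        if count >= rename_threshold:
            hits[host].add("akira_extension_burst")
    # A dual-use tool alone is not an alert; require a stronger indicator too.
    return {h: sorted(i) for h, i in hits.items() if i - {"dual_use_tool"}}


# Constructed sample events (hypothetical hosts and paths, not real telemetry).
SAMPLE = [
    {"host": "ws-01", "type": "process", "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "command_line": "WinRAR.exe"},
    {"host": "ws-03", "type": "process", "image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin list shadows"},
    {"host": "fs-02", "type": "process", "image": r"C:\Users\Public\AnyDesk.exe",
     "command_line": "AnyDesk.exe"},
    {"host": "fs-02", "type": "process", "image": r"C:\Windows\System32\powershell.exe",
     "command_line": "powershell.exe -Command \"Get-WmiObject Win32_Shadowcopy | Remove-WmiObject\""},
] + [{"host": "fs-02", "type": "file_rename", "new_name": f"D:\\share\\doc{i}.xlsx.akira"}
     for i in range(3)]

if __name__ == "__main__":
    for host, indicators in triage(SAMPLE).items():
        print(host, indicators)
```

Only the host that combines shadow copy deletion with a burst of “.akira” renames is escalated; a host that merely runs WinRAR or lists shadow copies is not.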