Indian Government Warns of Akira Ransomware Threat

In the wake of escalating cyber threats, the Indian Government’s Computer Emergency Response Team (CERT-In) has recently sounded an alert on a new ransomware known as Akira. Ransomware is malicious software that encrypts computer data, making it inaccessible until a ransom (usually in bitcoins) is paid. The Akira ransomware has emerged as a serious threat to cybersecurity, having targeted both Windows and Linux platforms.

Understanding Akira Ransomware

Akira ransomware is malicious software that poses a significant threat to data security. It infects Windows and Linux systems, encrypts users’ data, and demands a ransom in exchange for decrypting it. The ransomware creates a ransom note and adds a distinct “.akira” extension to the names of the files it encrypts.

The malicious software is capable of erasing Windows Volume Shadow Copies and disabling Windows services to prevent interference during its encryption process. Furthermore, it uses VPN services and malicious files to gain access to devices, making it tough to detect and stop.

Akira’s Modus Operandi

Akira spreads through multiple techniques, such as spear-phishing emails with malicious attachments, drive-by downloads, and specially crafted web links embedded in emails. Insecure Remote Desktop connections also serve as a vector for Akira transmission.

The Consequences of an Akira Attack

Once a system is compromised, Akira ransomware swipes sensitive information and encrypts it, leaving it unreadable to the victim. Consequently, the attackers demand a ransom for decryption, and threaten to release the stolen data on the dark web if their demands are not met.

Defensive Measures Against Akira Ransomware

Keeping regularly updated offline backups can prevent data loss in the event of an attack. Keeping operating systems and networks up to date, including virtual patching for old systems, closes potential vulnerabilities.

Security protocols such as Domain-based Message Authentication, Reporting and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) should be implemented for email validation. Strong password policies and Multi-Factor Authentication (MFA) should also be enforced to improve user authentication.

Precautionary measures such as establishing strict policies for external device usage, encrypting data at rest and data in transit, and blocking attachment file types with suspicious extensions such as .exe, .pif, and .url are deterrents to downloading malicious code. It is also essential to educate users to exercise caution when clicking suspicious links, and to conduct regular security audits, particularly for critical systems like database servers.
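The attachment rule above can be checked mechanically at the mail gateway. The following Python sketch is an added example, not code from CERT-In or from this article: the function names and the sample message are constructed for illustration, and the blocklist holds only the three extensions named above. It decides on the extension Windows would actually act on, so double extensions, mixed case and trailing dots do not slip past the filter.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article; a real policy would carry a longer list.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".url"}

def effective_extension(filename):
    """Return the extension Windows would act on, lower-cased."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as .exe.
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    # Only the last extension counts: "invoice.pdf.exe" is an .exe file.
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_message):
    """Return (filename, extension) for every attachment that must be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        if not filename:
            continue  # body parts and multipart containers carry no filename
        ext = effective_extension(filename)
        if ext in BLOCKED_EXTENSIONS:
            hits.append((filename, ext))
    return hits

def build_sample():
    """Constructed test message; all names and addresses are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Quarterly invoice"
    msg.set_content("Please see the attached files.")
    for name in ("report.pdf", "invoice.pdf.EXE", "shortcut.url.", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, ext in blocked_attachments(build_sample()):
        print(f"BLOCK {filename!r} (effective extension {ext})")
```
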

CERT-In: The Nodal Cybersecurity Agency

The Computer Emergency Response Team – India (CERT-In), a part of the Ministry of Electronics and Information Technology, is dedicated to ensuring the safety of Indian cyberspace. As the nodal agency handling cybersecurity threats like hacking and phishing, it collects, analyzes, and disseminates information about cyber incidents. CERT-In also provides Incident Prevention and Response Services as well as Security Quality Management Services.

Noteworthy References

In recent years, terms like ‘WannaCry, Petya and EternalBlue’ have made headlines, all being related to cyber attacks. According to the Indian cyber insurance provisions for individuals, generally, in addition to payment for loss of funds and other benefits, costs of restoration of computer networks in case of malware attacks, hiring specialized consultants to minimize the loss during cyber extortion, and defense costs in court if sued by a third party are covered. In India, it is legally mandatory for service providers, data centers, and body corporations to report on cybersecurity incidents.
