Note4Students
From UPSC perspective, the following things are important :
Prelims level: Akira Ransomware
Mains level: Not Much
Central Idea
- The Computer Emergency Response Team of India (CERT-In) issued a warning about the Akira ransomware, a highly dangerous cyber threat that has been wreaking havoc on corporate networks worldwide.
What is the Akira Ransomware?
- Encryption and Data Theft: Akira ransomware encrypts sensitive data on targeted devices and appends the “akira” extension to filenames, making the files inaccessible to users.
- Shadow Volume Deletion: The ransomware deletes Windows Shadow Volume copies, hindering data recovery options for affected organizations.
- Ransom Demands: The ransomware operators extort victims by demanding a double ransom for decryption and recovery, threatening to leak sensitive data on their dark web blog if payment is not made.
Infection and Working Mechanism
- Spread Methods: Akira ransomware is primarily distributed through spear-phishing emails with malicious attachments, drive-by downloads, and specially crafted web links. It also exploits insecure Remote Desktop connections to infiltrate systems.
- Selective Encryption: The ransomware avoids encrypting specific system folders to maintain system stability.
- Negotiation Process: Each victim is given a unique negotiation password to communicate with the ransomware gang via the threat actor’s Tor site.
Major targets
- Corporate Networks: Akira ransomware targets corporate networks across various sectors, including education, finance, real estate, manufacturing, and consulting.
- Data Exfiltration: In addition to encryption, the threat actors steal sensitive corporate data, using it as leverage in their extortion attempts.
Protective Measures against Akira Ransomware
- Regular Backups: Maintain up-to-date offline backups to ensure data recovery in case of an attack.
- System Updates: Regularly update operating systems and networks, and implement virtual patching for legacy systems.
- Email Authentication: Establish Domain-based Message Authentication, Reporting, and Conformance (DMARC), Domain Keys Identified Mail (DKIM), and Sender Policy Framework (SPF) to prevent email spoofing and spam.
- Strong Authentication: Enforce strong password policies and multi-factor authentication (MFA) to secure user accounts.
- Data Encryption: Implement data-at-rest and data-in-transit encryption to protect sensitive information.
- Attachment Blocking: Block suspicious attachment file types like .exe, .pif, or .url to prevent malicious downloads.
- Security Audits: Conduct regular security audits, especially for critical networks and database servers, to identify vulnerabilities.
Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024
