
CERT-IN warns against Akira Ransomware

Note4Students

From UPSC perspective, the following things are important :

Prelims level: Akira Ransomware

Mains level: Not Much


Central Idea

  • The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning about the Akira ransomware, a double-extortion threat that has been hitting corporate networks worldwide.

What is the Akira Ransomware?

  • Encryption and Data Theft: Akira encrypts data on the devices it reaches and appends the “.akira” extension to the filenames of encrypted files, making them unusable without the attackers' decryption key.
  • Shadow Volume Deletion: The ransomware deletes Windows Volume Shadow Copies (the snapshots that Windows backup and System Restore rely on), so that victims cannot simply roll files back to a recent state unless they hold backups outside the affected machines.
  • Ransom Demands: The operators practise double extortion: they demand payment for the decryption tool and threaten to publish the data stolen before encryption on their dark-web leak site if the victim does not pay.
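The two behaviours above, the rename of encrypted files to a .akira extension and the deletion of shadow copies, are things a defender can watch for in endpoint telemetry. The following Python script is an added example, not code from this page or from CERT-In's advisory: it runs two detection rules over a constructed sample of process-creation and file-rename events. The log format, the host names and the command lines matched (vssadmin delete shadows, wmic shadowcopy delete) are assumptions made for the example; those command lines are the usual ways shadow copies are deleted on Windows by ransomware in general, not identifiers taken from Akira samples.

```python
"""Detection rules for two ransomware behaviours: mass renaming of files to
a ".akira" extension and deletion of Windows shadow copies.

Added example with a constructed log format; not code from the page.
Assumptions: one event per line, "<epoch> <host> <process|rename> <detail>";
shadow copies are deleted with vssadmin or wmic command lines."""
import re

EVENT_RE = re.compile(r"^(\d+)\s+(\S+)\s+(process|rename)\s+(.+)$")

# Usual Windows command lines for deleting shadow copies (assumption; generic
# ransomware behaviour rather than an Akira-specific indicator).
SHADOW_DELETE_RE = re.compile(
    r"vssadmin(?:\.exe)?\s+delete\s+shadows|wmic(?:\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE,
)
RANSOM_EXT = ".akira"

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = """\
1690000000 FS01 process C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet
1690000001 FS01 rename D:\\shares\\finance\\q2.xlsx -> D:\\shares\\finance\\q2.xlsx.akira
1690000001 FS01 rename D:\\shares\\finance\\q3.xlsx -> D:\\shares\\finance\\q3.xlsx.akira
1690000002 FS01 rename D:\\shares\\hr\\payroll.docx -> D:\\shares\\hr\\payroll.docx.akira
1690000002 FS01 rename D:\\shares\\hr\\staff.pdf -> D:\\shares\\hr\\staff.pdf.akira
1690000003 FS01 rename D:\\shares\\hr\\org.pptx -> D:\\shares\\hr\\org.pptx.akira
1690000010 WS07 process C:\\Windows\\System32\\notepad.exe C:\\Users\\a\\notes.txt
1690000011 WS07 rename C:\\Users\\a\\draft.docx -> C:\\Users\\a\\report.docx
1690000020 FS02 process C:\\Windows\\System32\\wbem\\WMIC.exe shadowcopy delete
"""


def parse_events(text):
    """Parse log lines into (timestamp, host, kind, detail) tuples; skip junk."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ts, host, kind, detail = m.groups()
            events.append((int(ts), host, kind, detail))
    return events


def find_shadow_copy_deletions(events):
    """Process events whose command line deletes shadow copies."""
    return [(ts, host, detail) for ts, host, kind, detail in events
            if kind == "process" and SHADOW_DELETE_RE.search(detail)]


def find_rename_bursts(events, threshold=3, window=60):
    """Hosts that renamed at least `threshold` files to .akira within `window` seconds.

    Returns (host, largest_burst_count) pairs. A single rename could be a
    false positive; a burst on a file server is the encryption run itself."""
    times_by_host = {}
    for ts, host, kind, detail in events:
        if kind != "rename" or "->" not in detail:
            continue
        target = detail.rsplit("->", 1)[1].strip()
        if target.lower().endswith(RANSOM_EXT):
            times_by_host.setdefault(host, []).append(ts)
    bursts = []
    for host, times in times_by_host.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):          # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts.append((host, best))
    return bursts


def assess(text, window=60):
    """Run both rules and return human-readable findings."""
    events = parse_events(text)
    findings = [f"{host}: shadow copy deletion at {ts}: {detail}"
                for ts, host, detail in find_shadow_copy_deletions(events)]
    findings += [f"{host}: {n} files renamed to {RANSOM_EXT} within {window}s"
                 for host, n in find_rename_bursts(events, window=window)]
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_EVENTS):
        print(finding)
```

On the sample, FS01 trips both rules (a shadow-copy deletion followed by five renames in two seconds) and FS02 trips the shadow-copy rule alone; WS07's ordinary rename is ignored. The shadow-copy rule is the earlier and more useful signal, because it fires before the bulk of the files have been encrypted.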

Infection and Working Mechanism

  • Spread Methods: Akira is primarily delivered through spear-phishing emails with malicious attachments, drive-by downloads and specially crafted web links. The operators also break in through insecure Remote Desktop (RDP) connections, such as RDP exposed to the internet without multi-factor authentication.
  • Selective Encryption: The ransomware skips certain system folders so that the machine keeps running; a victim whose computer no longer boots cannot read the ransom demand or negotiate.
  • Negotiation Process: Each victim receives a unique negotiation password with which to log in to the gang's Tor site and communicate with the operators.

Major targets

  • Corporate Networks: Akira ransomware targets corporate networks across various sectors, including education, finance, real estate, manufacturing, and consulting.
  • Data Exfiltration: In addition to encryption, the threat actors steal sensitive corporate data, using it as leverage in their extortion attempts.

Protective Measures against Akira Ransomware

  • Regular Backups: Maintain up-to-date offline backups (or backups that nothing on the network can overwrite) and test restoring from them; because the ransomware deletes shadow copies, on-host snapshots are not a substitute.
  • System Updates: Keep operating systems, applications and network devices patched, and use virtual patching (blocking exploit traffic at a firewall or intrusion-prevention system in front of the machine) for legacy systems that cannot be updated.
  • Email Authentication: Publish Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) records and a Domain-based Message Authentication, Reporting and Conformance (DMARC) policy for your domains, so that receiving mail servers can reject messages that spoof your sender addresses.
  • Strong Authentication: Enforce strong password policies and multi-factor authentication (MFA) on user accounts, and on remote-access services such as RDP in particular.
  • Data Encryption: Encrypt sensitive data at rest and in transit; this limits what an intruder can read from stolen disks or intercepted traffic, but it does not stop ransomware running under a valid user account from encrypting every file that account can reach.
  • Attachment Blocking: Block executable and shortcut attachment types such as .exe, .pif and .url at the mail gateway, and judge a file by its final extension (invoice.pdf.exe is an executable, not a PDF).
  • Security Audits: Audit critical networks and database servers regularly to find vulnerabilities and misconfigurations before the attackers do.
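The email-authentication and attachment-blocking items above can be checked mechanically. The following Python is an added example, not code from this page or from CERT-In: it assesses an SPF record and a DMARC record for the weak settings that let spoofed mail through, and applies an attachment policy that judges files by their real extension. The record strings, the file names and the example.com domain are constructed for the example, and the block list beyond .exe, .pif and .url is an assumption to be tuned per environment.

```python
"""Static checks for three items in the list above: an SPF record, a DMARC
record and an attachment filename policy. Added example, not code from the
page or from CERT-In. Record strings and file names are constructed;
example.com is a placeholder domain."""
import re

# SPF mechanisms that cost a DNS lookup; RFC 7208 allows at most 10 per check.
SPF_LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed records: a weak and a hardened version of each.
WEAK_SPF = "v=spf1 include:_spf.example.net +all"
STRONG_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@example.com; pct=100"


def check_spf(record):
    """Return a list of weaknesses in an SPF TXT record (empty means acceptable)."""
    if record is None:
        return ["no SPF record: receivers cannot tell your senders from spoofers"]
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    issues = []
    all_terms = [t for t in terms[1:] if re.fullmatch(r"[-+~?]?all", t, re.I)]
    if not all_terms:
        issues.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "-+~?" else "+"
        if qualifier == "+":
            issues.append("'+all' authorises every host on the internet to send as this domain")
        elif qualifier == "?":
            issues.append("'?all' is neutral: spoofed mail is neither passed nor failed")
    # ~all (softfail) is left alone: it is acceptable when DMARC enforces.
    lookups = 0
    for t in terms[1:]:
        m = re.match(r"[-+~?]?([a-z]+)", t, re.I)
        if m and m.group(1).lower() in SPF_LOOKUP_MECHS:
            lookups += 1
    if lookups > 10:
        issues.append(f"{lookups} lookup mechanisms: over the limit of 10, evaluation returns permerror")
    return issues


def check_dmarc(record):
    """Return a list of weaknesses in a DMARC TXT record (empty means acceptable)."""
    if record is None:
        return ["no DMARC record: SPF and DKIM results are never enforced against the From: domain"]
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record (must start with v=DMARC1)"]
    issues = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        issues.append(f"p={policy or '(missing)'}: failing mail is still delivered, monitoring only")
    subpolicy = tags.get("sp")
    if subpolicy is not None and subpolicy.lower() not in ("quarantine", "reject"):
        issues.append(f"sp={subpolicy}: subdomains can still be spoofed")
    if tags.get("pct", "100") != "100":
        issues.append(f"pct={tags['pct']}: only part of the failing mail is policed")
    if "rua" not in tags:
        issues.append("no rua= address: no aggregate reports, so spoofing and misconfiguration go unnoticed")
    return issues


# The page's examples (.exe, .pif, .url) plus other directly executable types;
# the additions are an assumption to tune per environment.
BLOCKED_EXTENSIONS = {"exe", "pif", "url", "scr", "com", "bat", "cmd", "vbs", "hta", "lnk"}


def is_blocked_attachment(filename):
    """True if the attachment's real (last) extension is on the block list.

    Windows hides known extensions, so 'invoice.pdf.exe' shows as 'invoice.pdf';
    judge the file by its last suffix after stripping trailing spaces and dots,
    which Windows drops when the file is saved."""
    name = filename.strip().lower().rstrip(". ")
    if "." not in name:
        return False
    return name.rsplit(".", 1)[1] in BLOCKED_EXTENSIONS


if __name__ == "__main__":
    for label, rec, fn in (("SPF weak", WEAK_SPF, check_spf), ("SPF strong", STRONG_SPF, check_spf),
                           ("DMARC weak", WEAK_DMARC, check_dmarc), ("DMARC strong", STRONG_DMARC, check_dmarc)):
        print(label, fn(rec) or "OK")
    for name in ("invoice.pdf.exe", "Link.URL ", "report.docx"):
        print(name, "blocked" if is_blocked_attachment(name) else "allowed")
```

Run in production, the two record checks would take the TXT strings fetched from DNS for each sending domain and its _dmarc subdomain; the point of the weak-versus-strong pairs is that SPF with +all, or DMARC with p=none, is published syntax that enforces nothing.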
