
Alert Issued for ‘AKIRA’ Ransomware Attackers Utilizing AnyDesk and WinRAR

The Indian Computer Emergency Response Team (CERT-In) has raised an alarm regarding a recently discovered ransomware named ‘Akira,’ which is causing considerable worry. The malware is designed to attack systems running both Windows and Linux.

According to a PTI report, the attackers behind Akira first steal important personal information from their victims and then encrypt the data on their systems. To force victims to pay the ransom, they use a two-fold blackmail (double extortion) tactic.

According to CERT-In’s latest advisory, if the victim refuses to pay the ransom, the attackers post the stolen information on their dark web blog. The agency highlights that Akira operators are known to gain access through VPN services, especially where users have not enabled multi-factor authentication. During their intrusions, the ransomware group has been found to use tools such as AnyDesk, WinRAR and PCHunter, which often go unnoticed by victims.

Akira Ransomware

Technical details of the malware show that “Akira” deletes Windows Shadow Volume Copies on the target device before encrypting files. During encryption, the .akira extension is appended to the name of each encrypted file. In addition, the ransomware terminates active Windows services using the Windows Restart Manager API so that they do not interfere with the encryption process. It encrypts files across the hard drive's folders, except for the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
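A detection example for the file behaviour described above, added here and not taken from CERT-In's advisory: it flags a host when several files are renamed with an appended .akira extension inside a short window, ignoring the folders the ransomware skips. The pipe-delimited event format, host names, threshold and window are constructed assumptions, as is matching only the top-level folder.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Folders the article says are left unencrypted ("$recycle.bin" is the
# on-disk name of the Recycle Bin). Compared case-insensitively.
SKIPPED = {"programdata", "recycle bin", "$recycle.bin", "boot",
           "system volume information", "windows"}

def is_akira_rename(old: str, new: str) -> bool:
    """True if `new` is `old` with .akira appended, outside a skipped folder."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if n.name.lower() != o.name.lower() + ".akira":
        return False
    # Assumption: only the top-level folder decides whether a path is skipped.
    top = n.parts[1].lower() if len(n.parts) > 2 else ""
    return top not in SKIPPED

def detect(lines, threshold=3, window=timedelta(seconds=60)):
    """Map host -> time of first alert; expects events in time order."""
    recent, alerts = defaultdict(deque), {}
    for line in lines:
        ts, host, old, new = line.strip().split("|")
        if not is_akira_rename(old, new):
            continue
        t, q = datetime.fromisoformat(ts), recent[host]
        q.append(t)
        while t - q[0] > window:      # drop renames older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(host, t)
    return alerts

# Constructed sample events: timestamp|host|old path|new path
SAMPLE = r"""2023-07-24T10:00:01|WS01|C:\Users\a\q3.xlsx|C:\Users\a\q3.xlsx.akira
2023-07-24T10:00:02|WS01|C:\Users\a\plan.docx|C:\Users\a\plan.docx.akira
2023-07-24T10:00:03|WS01|C:\Windows\Temp\x.log|C:\Windows\Temp\x.log.akira
2023-07-24T10:00:04|WS01|D:\Share\db.bak|D:\Share\db.bak.akira
2023-07-24T10:00:05|WS02|C:\Users\b\notes.txt|C:\Users\b\notes_v2.txt
2023-07-24T10:05:00|WS02|C:\Users\b\a.txt|C:\Users\b\a.txt.akira
""".splitlines()

if __name__ == "__main__":
    for host, when in detect(SAMPLE).items():
        print(f"ALERT {host}: .akira rename burst at {when.isoformat()}")
```

On the sample, only WS01 alerts: the rename under C:\Windows is not counted, and WS02 has a single matching rename.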

What can you do

CERT-In advises internet users to follow basic hygiene and security protocols to protect themselves from such attacks. Offline backup of important data is highly recommended to avoid data loss in case of infection. Regularly updating operating systems and applications is also crucial, and virtual patching can be used to protect legacy systems and networks from cybercriminals exploiting vulnerabilities in outdated software.

Strong passwords and MFA

In addition, the advisory emphasized the importance of strong password policies and multi-factor authentication (MFA) to improve security. Users should avoid installing updates or patches from unofficial channels and take other necessary measures against cyber and ransomware attacks. Being proactive in adopting these practices can help individuals and organizations remain resilient against the Akira ransomware threat.
