AKIRA RANSOMWARE

punam gupta
3 min readSep 5, 2023


Akira ransomware is a relatively new ransomware operation that was first discovered in March 2023. It is Windows and Linux ransomware that encrypts files and demands a ransom payment. If victims refuse to pay, the operators threaten to publish their data on the dark web.

Akira ransomware typically targets organizations that have not enabled multi-factor authentication (MFA) on their Cisco VPNs. The attackers exploit known vulnerabilities in Cisco VPNs to gain access to the victim’s network. Once they have access, they deploy the Akira ransomware to encrypt files on the victim’s devices.

Moreover, Akira ransomware is a distinctive type of malware that infiltrates and compromises computer systems. Once inside, it encrypts files of many types, making them inaccessible to the user. To make matters worse, Akira ransomware can erase Windows shadow volume copies, reducing the chances of recovering data without paying the ransom.

How is Akira different from other ransomware?

Malware is any software that is used to obtain unauthorised access to IT systems in order to steal data, disrupt system services, or otherwise harm IT networks.

Ransomware is a type of malware in which specific data or systems are held hostage by attackers until a payment, the ransom, is made.

The Akira ransomware encrypts files with the .akira extension. It also creates a ransom note named READ_ME_Akira.txt in the same folder as the encrypted files. The ransom note contains instructions on how to contact the attackers and pay the ransom in cryptocurrency.
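The two file indicators named above (the .akira extension and the READ_ME_Akira.txt note in the same folder) are easy to sweep for during triage. The following is an added example, not code from the original post: it walks a directory tree, collects both artifacts, and flags folders that contain both, which is the strongest signal. The sample layout it builds is constructed test data, and the assumption that the extension is appended to the original file name is mine.

```python
# Added example: triage scan for the on-disk Akira artifacts described above
# (files ending in ".akira" and ransom notes named "READ_ME_Akira.txt").
# A responder's sweep over a share or host, not a substitute for EDR.
import os
import tempfile
from dataclasses import dataclass, field

ENCRYPTED_EXT = ".akira"
RANSOM_NOTE = "READ_ME_Akira.txt"


@dataclass
class AkiraScanResult:
    encrypted_files: list = field(default_factory=list)
    ransom_notes: list = field(default_factory=list)
    confirmed_folders: set = field(default_factory=set)  # note + encrypted files


def scan_for_akira_artifacts(root: str) -> AkiraScanResult:
    """Walk `root` and collect paths matching the Akira file indicators."""
    result = AkiraScanResult()
    for dirpath, _dirnames, filenames in os.walk(root):
        has_note = has_encrypted = False
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                result.ransom_notes.append(path)
                has_note = True
            elif name.lower().endswith(ENCRYPTED_EXT):
                result.encrypted_files.append(path)
                has_encrypted = True
        if has_note and has_encrypted:
            result.confirmed_folders.add(dirpath)
    return result


def build_sample_tree() -> str:
    """Constructed directory layout mimicking one hit share (test data only)."""
    root = tempfile.mkdtemp(prefix="akira_demo_")
    layout = {
        "finance/q2_report.xlsx.akira": b"",          # assumed: extension appended
        "finance/READ_ME_Akira.txt": b"constructed ransom note text",
        "finance/notes.txt": b"untouched",
        "hr/policy.docx": b"untouched",
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    res = scan_for_akira_artifacts(build_sample_tree())
    print(f"{len(res.encrypted_files)} encrypted file(s), {len(res.ransom_notes)} note(s), "
          f"{len(res.confirmed_folders)} folder(s) with both")
```

Point `scan_for_akira_artifacts` at a mounted share or a forensic image's mount point; a non-empty `confirmed_folders` set is worth escalating before any cleanup touches the files.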

What’s with the ’80s aesthetics?

According to sources, the Akira leak site adopts a distinctively retro appearance. The website stands out with its use of a classic neon green color scheme set against a black background. Interestingly, it lacks the conventional toggle buttons found on typical websites, requiring users (or victims) to input commands rather than navigating through drop-down menus or radio buttons.

In addition, some reports indicate that the Akira ransomware homepage features a ‘news’ command, providing access to a list of up to 16 organizations that the group had targeted as of May. The stolen information from each organization is summarized and displayed alongside the corresponding company names on the page.

How does Akira infect the device?

  • Attackers may send phishing emails with malicious attachments or links, often delivered as archived content (zip/rar files). These emails appear to be legitimate messages from trusted sources, enticing victims to open the attachment or click the link.

  • Drive-by downloads, in which malicious code is silently downloaded onto a device when a compromised or malicious site is visited, and specially constructed web links in emails that download malware when clicked, are two further methods used to infect devices.

  • According to reports, the malware also spreads via unsecured Remote Desktop connections.

  • Watering hole attacks: attackers compromise websites that their targeted victims frequently visit. When victims access these websites, they unwittingly download the ransomware onto their devices.

What is the impact of Akira?

Akira ransomware is known for using strong encryption that makes data recovery extremely difficult without the decryption key. For many victims this has meant irreparable data loss, leading to financial losses, exposure of personal information, and the suspension of key services.

How to safeguard yourself from Akira?

There are a few things that organizations can do to reduce the risk:

  • Enable MFA (multi-factor authentication) on all Cisco VPNs.
  • Keep all software up to date, including Cisco VPN software.
  • Use a strong password policy and require employees to change their passwords regularly.
  • Have a backup plan in place in case of a ransomware attack.
  • Educate yourself and your staff about phishing attacks and the dangers of clicking on questionable links or downloading unexpected attachments.
  • Be cautious of suspicious emails and links.

Finally, the Akira ransomware is a prime example of the constantly evolving and increasingly complex cyber threats that individuals and organisations face today. You can improve your digital defenses and reduce the danger of being a victim of such attacks by knowing their mechanisms and making proactive efforts to secure your systems and data. Stay alert, stay informed, and stay safe.
