“The Knowledge Library”

Knowledge for All, without Barriers…

An Initiative by: Kausik Chakraborty.
03/10/2023 5:57 AM

“The Knowledge Library”

Knowledge for All, without Barriers……….
An Initiative by: Kausik Chakraborty.

The Knowledge Library

Akira Ransomware

What is the Akira Ransomware?

  • Encryption and Data Theft: Akira ransomware encrypts sensitive data on targeted devices and appends the “akira” extension to filenames, making the files inaccessible to users.
  • Shadow Volume Deletion: The ransomware deletes Windows Shadow Volume copies, hindering data recovery options for affected organizations.
  • Ransom Demands: The ransomware operators extort victims by demanding a double ransom for decryption and recovery, threatening to leak sensitive data on their dark web blog if payment is not made.

Infection and Working Mechanism

  • Spread Methods: Akira ransomware is primarily distributed through spear-phishing emails with malicious attachments, drive-by downloads, and specially crafted web links. It also exploits insecure Remote Desktop connections to infiltrate systems.
  • Selective Encryption: The ransomware avoids encrypting specific system folders to maintain system stability.
  • Negotiation Process: Each victim is given a unique negotiation password to communicate with the ransomware gang via the threat actor’s Tor site.

Major targets

  • Corporate Networks: Akira ransomware targets corporate networks across various sectors, including education, finance, real estate, manufacturing, and consulting.
  • Data Exfiltration: In addition to encryption, the threat actors steal sensitive corporate data, using it as leverage in their extortion attempts.

Protective Measures against Akira Ransomware

  • Regular Backups: Maintain up-to-date offline backups to ensure data recovery in case of an attack.
  • System Updates: Regularly update operating systems and networks, and implement virtual patching for legacy systems.
  • Email Authentication: Establish Domain-based Message Authentication, Reporting, and Conformance (DMARC), Domain Keys Identified Mail (DKIM), and Sender Policy Framework (SPF) to prevent email spoofing and spam.
  • Strong Authentication: Enforce strong password policies and multi-factor authentication (MFA) to secure user accounts.
  • Data Encryption: Implement data-at-rest and data-in-transit encryption to protect sensitive information.
  • Attachment Blocking: Block suspicious attachment file types like .exe, .pif, or .url to prevent malicious downloads.
  • Security Audits: Conduct regular security audits, especially for critical networks and database servers, to identify vulnerabilities.

Sign up to Receive Awesome Content in your Inbox, Frequently.

We don’t Spam!
Thank You for your Valuable Time

Share this post