What is the Akira Ransomware?
- Encryption and Data Theft: Akira ransomware encrypts sensitive data on targeted devices and appends the “akira” extension to filenames, making the files inaccessible to users.
- Shadow Volume Deletion: The ransomware deletes Windows Shadow Volume copies, hindering data recovery options for affected organizations.
- Ransom Demands: The ransomware operators extort victims by demanding a double ransom for decryption and recovery, threatening to leak sensitive data on their dark web blog if payment is not made.
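The two behaviours above, shadow-copy deletion and the appended "akira" extension, are the signals a defender can look for in endpoint telemetry. The following is an added detection example, not code from the page or from any vendor: it runs two rules over constructed sample events in a simplified key=value export format. The specific command lines it matches (vssadmin / wmic shadow-copy deletion) are the commonly documented ways Windows shadow copies are removed and are an assumption, not something the page states; the threshold and window for the rename-burst rule are likewise assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the page or any real incident): one
# key=value line per event, in the style of an EDR or Sysmon export.
SAMPLE_EVENTS = [
    r'ts=2024-01-10T09:01:02 type=process user=CORP\jsmith image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin delete shadows /all /quiet"',
    r'ts=2024-01-10T09:01:03 type=process user=CORP\jsmith image=C:\Windows\System32\wbem\WMIC.exe cmdline="wmic shadowcopy delete"',
    r'ts=2024-01-10T09:01:05 type=rename user=CORP\jsmith old=C:\Share\Finance\q3.xlsx new=C:\Share\Finance\q3.xlsx.akira',
    r'ts=2024-01-10T09:01:05 type=rename user=CORP\jsmith old=C:\Share\Finance\q4.xlsx new=C:\Share\Finance\q4.xlsx.akira',
    r'ts=2024-01-10T09:01:06 type=rename user=CORP\jsmith old=C:\Share\HR\payroll.docx new=C:\Share\HR\payroll.docx.akira',
    r'ts=2024-01-10T09:01:07 type=rename user=CORP\jsmith old=C:\Share\HR\contracts.pdf new=C:\Share\HR\contracts.pdf.akira',
    r'ts=2024-01-10T09:01:08 type=rename user=CORP\jsmith old=C:\Share\Legal\nda.pdf new=C:\Share\Legal\nda.pdf.akira',
    r'ts=2024-01-10T09:01:09 type=rename user=CORP\jsmith old=C:\Share\Legal\brief.docx new=C:\Share\Legal\brief.docx.akira',
    r'ts=2024-01-10T09:15:00 type=rename user=CORP\mlee old=C:\Users\mlee\notes.txt new=C:\Users\mlee\notes.txt.bak',
    r'ts=2024-01-10T09:30:00 type=process user=CORP\backupsvc image=C:\Windows\System32\vssadmin.exe cmdline="vssadmin list shadows"',
]

# key=value pairs; a value may be double-quoted when it contains spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Command lines that delete Volume Shadow Copies (assumed, commonly documented
# patterns; extend with your own telemetry). "vssadmin list shadows" is benign.
SHADOW_DELETE_RE = re.compile(
    r"(vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete)",
    re.IGNORECASE,
)


def parse_event(line):
    """Turn one key=value line into a dict with a parsed timestamp."""
    event = {}
    for key, quoted, bare in KV_RE.findall(line):
        event[key] = quoted if quoted else bare
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_shadow_copy_deletion(events):
    """Flag process launches whose command line removes shadow copies."""
    hits = []
    for e in events:
        if e.get("type") == "process" and SHADOW_DELETE_RE.search(e.get("cmdline", "")):
            hits.append({"ts": e["ts"], "user": e["user"], "cmdline": e["cmdline"]})
    return hits


def detect_extension_burst(events, extension=".akira", threshold=5, window=timedelta(seconds=60)):
    """Alert when one account renames at least `threshold` files to the
    ransomware extension within `window` (a sliding window per user)."""
    per_user = defaultdict(list)
    for e in events:
        if e.get("type") == "rename" and e.get("new", "").lower().endswith(extension):
            per_user[e["user"]].append(e["ts"])
    alerts = []
    for user, stamps in per_user.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"user": user, "count": best, "first_seen": stamps[0]})
    return alerts


def run_detections(lines):
    """Parse raw lines and run both rules; returns alerts keyed by rule name."""
    events = [parse_event(line) for line in lines]
    return {
        "shadow_copy_deletion": detect_shadow_copy_deletion(events),
        "extension_burst": detect_extension_burst(events),
    }


if __name__ == "__main__":
    for rule, alerts in run_detections(SAMPLE_EVENTS).items():
        print(f"{rule}: {len(alerts)} alert(s)")
        for alert in alerts:
            print("   ", alert)
```

The rename-burst rule is the more robust of the two: an encryptor that avoids vssadmin still has to rename files, and the same logic works for any extension by changing the `extension` argument. Because shadow-copy deletion typically precedes encryption, a hit on the first rule is the earlier warning and is worth treating as high severity even before any rename burst appears.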
Infection and Working Mechanism
- Spread Methods: Akira ransomware is primarily distributed through spear-phishing emails with malicious attachments, drive-by downloads, and specially crafted web links. It also exploits insecure Remote Desktop connections to infiltrate systems.
- Selective Encryption: The ransomware avoids encrypting specific system folders to maintain system stability.
- Negotiation Process: Each victim is given a unique negotiation password to communicate with the ransomware gang via the threat actor’s Tor site.
Major Targets
- Corporate Networks: Akira ransomware targets corporate networks across various sectors, including education, finance, real estate, manufacturing, and consulting.
- Data Exfiltration: In addition to encryption, the threat actors steal sensitive corporate data, using it as leverage in their extortion attempts.
Protective Measures against Akira Ransomware
- Regular Backups: Maintain up-to-date offline backups to ensure data recovery in case of an attack.
- System Updates: Regularly update operating systems and networks, and implement virtual patching for legacy systems.
- Email Authentication: Establish Domain-based Message Authentication, Reporting, and Conformance (DMARC), DomainKeys Identified Mail (DKIM), and Sender Policy Framework (SPF) to prevent email spoofing and spam.
- Strong Authentication: Enforce strong password policies and multi-factor authentication (MFA) to secure user accounts.
- Data Encryption: Implement data-at-rest and data-in-transit encryption to protect sensitive information.
- Attachment Blocking: Block suspicious attachment file types like .exe, .pif, or .url to prevent malicious downloads.
- Security Audits: Conduct regular security audits, especially for critical networks and database servers, to identify vulnerabilities.
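The email-authentication and attachment-blocking measures above are only effective when configured strictly, so here is an added example (not code from the page or from any vendor) that grades SPF, DKIM and DMARC records and applies an attachment block list. The DNS records are constructed values for the reserved documentation domain example.com, the DKIM public key is a labelled placeholder, and the block list extends the page's three extensions (.exe, .pif, .url) with a few others that gateways commonly block; which ones to include is a policy choice and is assumed here.

```python
# Constructed DNS TXT records for the reserved documentation domain example.com.
# They are illustrative values, not the records of any real domain.
WEAK_RECORDS = {
    "example.com": "v=spf1 include:_spf.mail-provider.example ~all",
    "_dmarc.example.com": "v=DMARC1; p=none",
}
HARDENED_RECORDS = {
    "example.com": "v=spf1 include:_spf.mail-provider.example -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; rua=mailto:dmarc-reports@example.com",
    "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",
}


def parse_tags(record):
    """Split 'v=DMARC1; p=reject; ...' (DMARC and DKIM share this syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_spf(record):
    """Return findings for an SPF record; an empty list means no weakness found."""
    if not record.lower().startswith("v=spf1"):
        return ["no SPF record: any host may send mail claiming to be this domain"]
    mechanisms = record.split()[1:]
    terminal = mechanisms[-1].lower() if mechanisms else ""
    if terminal in ("all", "+all"):
        return ["SPF ends with +all: every sender passes"]
    if terminal == "~all":
        return ["SPF ends with ~all (softfail): spoofed mail is tagged, not rejected"]
    if terminal == "?all":
        return ["SPF ends with ?all (neutral): no verdict for unlisted senders"]
    if terminal != "-all":
        return ["SPF has no terminal 'all' mechanism; unlisted senders get neutral"]
    return []


def assess_dmarc(record):
    """Return findings for a DMARC record; only p=reject with reporting passes clean."""
    if not record:
        return ["no DMARC record: receivers cannot enforce SPF/DKIM alignment"]
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC record does not begin with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("DMARC p=quarantine: spoofed mail goes to spam rather than being rejected")
    elif policy != "reject":
        findings.append("DMARC policy missing or unrecognised")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports that reveal spoofing will not arrive")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    return findings


def assess_dkim(record):
    """Return findings for the DKIM key record at one selector."""
    if not record:
        return ["no DKIM key at the checked selector: outbound mail cannot be verified"]
    tags = parse_tags(record)
    if not tags.get("p"):
        return ["DKIM p= is empty: the key is revoked and signatures will fail"]
    if "y" in tags.get("t", ""):
        return ["DKIM t=y: testing mode, receivers may ignore signature failures"]
    return []


def assess_domain(domain, records, selector="mail"):
    """Look up the three records in the supplied table and grade each."""
    return {
        "spf": assess_spf(records.get(domain, "")),
        "dmarc": assess_dmarc(records.get(f"_dmarc.{domain}", "")),
        "dkim": assess_dkim(records.get(f"{selector}._domainkey.{domain}", "")),
    }


# The page's three extensions plus others commonly blocked at the gateway (assumed policy).
BLOCKED_EXTENSIONS = {".exe", ".pif", ".url", ".scr", ".hta", ".js", ".vbs", ".lnk", ".iso"}


def attachment_blocked(filename):
    """Decide whether an attachment name should be blocked. Checks the final
    extension case-insensitively (so invoice.pdf.exe is caught), strips the
    trailing dots and spaces Windows ignores, and rejects the right-to-left
    override character used to disguise an extension."""
    if "\u202e" in filename:
        return True, "right-to-left override character in filename"
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot >= 0 else ""
    if ext in BLOCKED_EXTENSIONS:
        return True, f"blocked extension {ext}"
    return False, ""


if __name__ == "__main__":
    for label, recs in (("weak", WEAK_RECORDS), ("hardened", HARDENED_RECORDS)):
        print(label, assess_domain("example.com", recs))
    for name in ("report.pdf", "invoice.pdf.exe", "setup.exe.", "link.URL"):
        print(name, attachment_blocked(name))
```

To run the record checks against a live domain, replace the constructed dictionaries with TXT lookups from a DNS library and pass the selector your mail provider actually signs with; the grading logic stays the same. The weak set shows the typical starting state (softfail SPF, monitor-only DMARC, no DKIM), which lets spoofed mail through and is exactly what a spear-phishing campaign relies on.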