[ad_1]
The country’s federal cyber security agency said that the ransomware first encrypts the data and then forces the victim into paying the ransom amount. “In case the victim does not pay, they release their victim’s data on their dark web blog,” the advisory noted.
The technology arm also advised that users should follow a strong password policy. Here’s what the advisory said:
A recently emerged Ransomware operation dubbed Akira is reportedly active in cyberspace. This ransomware is targeting both Windows and Linux-based systems. This group first steals the information from the victims, then encrypts data on their systems and conducts double extortion to force the victim into paying the ransom. In case the victim does not pay, they release their victim’s data on their dark web blog. The group is known to access victim environments via VPN services, particularly where users have not enabled multi-factor authentication. The group has also utilised tools such as AnyDesk, WinRAR, and PCHunter during intrusions. These tools are often found in the victim’s environment, and their misuse typically goes unnoticed.
How Akira targets victims
According to CERT-In, Akira first deletes Windows Shadow Volume Copies on the infected device and encrypts files by adding ‘.akira’ extension. It also shuts down active Windows services using the Windows Restart Manager APL during the encryption process.
“This step prevents any interference with the encryption process. It encrypts files found in various hard drive folders, excluding the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders. To maintain system stability, it refrains from modifying Windows system files, which include files with extensions like .sys, .msi, dll .Ink, and exe,” the advisory said.
How to safeguard
It is advised that users must update the operating systems and apps on a regular basis. Users are also advised to use strong passwords, multi-factor authentication and avoid clicking malicious links on the internet.
[ad_2]
Source link