Facts for Prelims (FFP)
Source: TH
Context: Akira is a ransomware strain that targets both Windows and Linux devices.
- It encrypts data on the affected devices, appends filenames with the “.akira” extension, and deletes Windows Shadow Volume copies to prevent data recovery.
- The ransomware also terminates Windows services to ensure uninterrupted encryption. After stealing and encrypting sensitive data, the attackers demand a ransom, threatening to release the data on the dark web if their demands are not met.
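The two host-side traces described above (shadow-copy deletion and files renamed with a ".akira" suffix) are what a responder would look for first. The script below is an added example written for this page, not code from the original notes or from any vendor advisory; the shadow-copy deletion command patterns, the Sysmon-style log format and the sample file names are assumptions constructed for illustration.

```python
"""
Added example (not from the original page): an offline detector for two
Akira-style traces, shadow-copy deletion commands in process-creation logs
and files carrying the ".akira" extension. All inputs below are constructed.
"""
import re
from typing import Dict, Iterable, List

# Generic Windows commands that delete Volume Shadow Copies. This list is an
# assumption about what to look for, not a list taken from Akira samples.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*(Remove-WmiObject|\.Delete\(\))", re.I | re.S),
    re.compile(r"Get-CimInstance\s+Win32_ShadowCopy.*Remove-CimInstance", re.I | re.S),
]

RANSOM_EXT = ".akira"


def shadow_copy_deletions(log_lines: Iterable[str]) -> List[str]:
    """Return the log lines whose command line deletes shadow copies."""
    return [line for line in log_lines
            if any(p.search(line) for p in SHADOW_DELETE_PATTERNS)]


def encrypted_files(paths: Iterable[str]) -> List[str]:
    """Return paths that end with the ransom extension (case-insensitive)."""
    return [p for p in paths if p.lower().endswith(RANSOM_EXT)]


def assess(log_lines: Iterable[str], paths: Iterable[str]) -> Dict[str, object]:
    """Combine both signals into a simple verdict (heuristic assumed here)."""
    deletions = shadow_copy_deletions(log_lines)
    renamed = encrypted_files(paths)
    if deletions and renamed:
        verdict = "ransomware-likely"   # both traces on the same host
    elif deletions or renamed:
        verdict = "suspicious"          # one trace alone still warrants triage
    else:
        verdict = "clean"
    return {"verdict": verdict, "shadow_deletions": deletions, "akira_files": renamed}


# Constructed sample process-creation log lines. The "CommandLine=" field is an
# assumption modelled on Sysmon event 1 output, not a real capture.
SAMPLE_LOGS = [
    'EventID=1 Image=C:\\Windows\\System32\\cmd.exe '
    'CommandLine="cmd.exe /c vssadmin delete shadows /all /quiet"',
    'EventID=1 Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe '
    'CommandLine="powershell -Command Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"',
    'EventID=1 Image=C:\\Windows\\System32\\notepad.exe '
    'CommandLine="notepad.exe C:\\Users\\alice\\notes.txt"',
]

# Constructed sample file listing from an affected user profile.
SAMPLE_FILES = [
    r"C:\Users\alice\Documents\budget.xlsx.akira",
    r"C:\Users\alice\Documents\report.docx.AKIRA",
    r"C:\Users\alice\Documents\photo.jpg",
]

if __name__ == "__main__":
    result = assess(SAMPLE_LOGS, SAMPLE_FILES)
    print("verdict:", result["verdict"])
    for line in result["shadow_deletions"]:
        print("shadow-copy deletion:", line)
    for path in result["akira_files"]:
        print("renamed file:", path)
```

Run against the constructed samples, the two shadow-copy deletion lines and the two ".akira" files are reported and the verdict is "ransomware-likely"; the notepad line and the untouched ".jpg" file are ignored. In practice the same checks would be fed from a SIEM query or an EDR process-creation feed rather than the inline samples.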
How does it work?
- The ransomware is spread through spear phishing emails with malicious attachments, drive-by downloads, specially crafted web links in emails, and insecure Remote Desktop connections.
- It has targeted organisations across several sectors, including education, finance, real estate, manufacturing and consulting. Once inside a corporate network, it moves laterally to other devices using stolen Windows domain administrator credentials.
To protect against Akira ransomware and other similar threats, users are advised to:
- Maintain up-to-date offline backups
- Keep operating systems and networks updated
- Implement strong password policies and multi-factor authentication
- Enforce data encryption
- Block attachment file types that are commonly associated with malicious code
- Conduct regular security audits of critical systems