What is the Akira ransomware, and why has the government issued a warning against it?

Source: The post is based on the article “What is the Akira ransomware, and why has the government issued a warning against it?”  published in The Hindu on 1st August 2023.

What is the News?

The Computer Emergency Response Team of India has issued an alert for ransomware called “Akira.”

What is Akira?

Akira is a type of ransomware. It is found to target both Windows and Linux devices.

It gets its name due to its ability to modify filenames of all encrypted files by appending them with the “.akira” extension.

How does Akira infect devices?

Ransomware typically spreads through spear phishing emails that contain malicious attachments in the form of archived content (zip/rar) files. 

Other methods used to infect devices include drive-by-download, a cyber-attack that unintentionally downloads malicious code onto a device and specially crafted web links in emails, clicking on which downloads malicious code.

What does Akira do after infecting devices?

Once it infects the device, Akira ransomware deletes Windows Shadow Volume copies. These files are instrumental in ensuring that organizations can back up data used in their applications for day-to-day functioning.

It then steals the sensitive data and leaves a note (akira_readme.txt) with attack details and a link to the negotiation site. 

The attackers then demand a ransom, threatening to publish the data on their dark web blog if the demands are not met.