Date: 2023-07-25

India's nodal agency for computer security-related threats has issued a warning to citizens and organisations about the emergence of a new ransomware called 'Akira'. Union government's Computer Emergency Response Team-India (CERT-In) issued the critical advisory on Monday, stating that the ransomware was targeting both Windows and Linux-based operating systems.

The agency said the group responsible for the ransomware compromised users via VPN services, particularly where the users had not enabled multi-factor authentication. It also used tools such as AnyDesk, WinRAR, and PC Hunter to hoodwink users into downloading benign-looking files.

Once inside the system, the ransomware turns itself on, encrypts all sensitive information and converts it into files with .akira extensions.

"The attack process begins when a sample of the Akira ransomware is executed. Upon execution, Akira deletes the Windows Shadow Volume Copies on the targeted device. The ransomware then encrypts files with a predefined set of extensions. A '.akira' extension is appended to each encrypted file's name during this encryption process," noted the agency.

Once the data is harvested, victims are told to pay a ransom or else the content, explicit in some instances, will be posted on social media platforms. Meanwhile, corporate companies are threatened that their trade secrets will be sold on the dark web to the highest bidder.

What you can do to avoid ransomware attacks

The ransomware has been active in the cyber world since March 2023, most often breaching corporate networks. To avoid becoming a victim, CERT-In advises users to follow basic internet hygiene and protection protocols:

Maintaining official backups of critical data is highly recommended to avoid data loss even when the bad actors get their hands on it.

To ensure hackers have no way in, strong password policies and multi-factor authentication (MFA) should be enforced religiously.

Similarly, a strict External Device (USB drive) usage policy and data-at-rest and data-in-transit encryption should be used. Attachments with file types such as exe, pif, tmp, url, vb, vbe, scr, reg, cer, pst, md among others should be blocked.
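
The attachment blocklist above, shown as an added example that is not part of the CERT-In advisory or the original article: a Python mail-screening check that flags attachments whose final extension is on the listed set. The function names and the sample message are constructed for illustration, and matching only the last extension after normalising case and trailing dots or spaces is an assumption about how such a policy would be applied.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

# Extensions exactly as listed in the article; it says "among others",
# so a real policy would carry a longer list.
BLOCKED = {"exe", "pif", "tmp", "url", "vb", "vbe", "scr", "reg", "cer", "pst", "md"}


def blocked_extension(filename: str) -> Optional[str]:
    """Return the blocked extension a filename ends in, or None if allowed."""
    # Windows drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    name = filename.strip().rstrip(". ").lower()
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[1]
    return ext if ext in BLOCKED else None


def screen_message(raw: bytes) -> List[Tuple[str, str]]:
    """Return (filename, extension) for every attachment that should be blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    # walk() also descends into nested multiparts and forwarded messages.
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            ext = blocked_extension(filename)
            if ext:
                hits.append((filename, ext))
    return hits


def build_sample() -> bytes:
    """Constructed sample message with one disguised and one harmless attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("Invoice.pdf.EXE", "report.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ext in screen_message(build_sample()):
        print(f"BLOCK {filename} (.{ext})")
```

Extension matching is a first filter only; a renamed file passes it, so it is normally paired with content-type inspection at the mail gateway.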

Additionally, conduct Vulnerability Assessment and Penetration Testing (VAPT) and information security audits of critical networks/systems, especially database servers, from CERT-In empanelled auditors. Repeat audits at regular intervals.

(With inputs from agencies)