
What is Akira Ransomware?

MAHESH KUMAR MEENA

 CERT-In cautions internet users against Ransomware 'Akira' attack


[Image: Akira ransomware (virus) attack. Source: What Is?]



The government has issued a warning to internet users about a hazardous malware that goes by the name of Akira ransomware. This malicious software primarily targets Windows and Linux systems, making it a significant looming threat. The Indian Computer Emergency Response Team (CERT-In) has recently reported the emergence of this new internet ransomware virus in an alert.



The group responsible for the development of Akira ransomware is notorious for its ability to gather sensitive personal information from its victims. They employ encryption techniques to lock up the victim's data and demand a ransom in return for its release. To further intimidate their victims, the gang threatens to expose their personal information on the dark web if the ransom is not paid.



In their advisory, CERT-In highlights that the ransomware organization commonly exploits VPN services to gain access to victim environments. This is particularly true in cases where multifactor authentication is not activated. Additionally, they make use of various programs such as AnyDesk, WinRAR, and PCHunter to carry out their malicious activities.
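As an added example (not taken from the CERT-In advisory or written by this post's author), the following Python correlates a successful VPN login made without MFA with a later launch of one of the tools named above. The log format, user names, addresses, file-name prefixes and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Tools named in the advisory; matching on file-name prefix is an assumption.
WATCHLIST = ("anydesk", "winrar", "pchunter")
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample events: time | source | user | detail
SAMPLE_LOG = """\
2023-07-20T02:11:00|vpn|svc_backup|result=success mfa=no src=203.0.113.7
2023-07-20T02:40:00|proc|svc_backup|C:\\Users\\Public\\AnyDesk.exe
2023-07-20T03:05:00|proc|svc_backup|C:\\ProgramData\\PCHunter64.exe
2023-07-20T09:00:00|vpn|asha|result=success mfa=yes src=198.51.100.20
2023-07-20T09:30:00|proc|asha|C:\\Program Files\\WinRAR\\WinRAR.exe
2023-07-20T10:00:00|vpn|ravi|result=failure mfa=no src=203.0.113.9
2023-07-22T08:00:00|proc|svc_backup|C:\\Program Files\\WinRAR\\WinRAR.exe
"""

def parse(log):
    """Yield (timestamp, source, user, detail) for each event line."""
    for line in log.strip().splitlines():
        ts, source, user, detail = line.split("|", 3)
        yield datetime.fromisoformat(ts), source, user, detail

def watchlisted(image_path):
    """Return the watchlist entry matching the executable name, else None."""
    stem = PureWindowsPath(image_path).stem.lower()
    return next((t for t in WATCHLIST if stem.startswith(t)), None)

def correlate(log, window=WINDOW):
    """Return (user, login_time, tool, exec_time) for watchlisted tools run
    within `window` after a successful VPN login that had no MFA."""
    last_weak_login, alerts = {}, []
    for ts, source, user, detail in sorted(parse(log)):
        if source == "vpn":
            fields = dict(kv.split("=", 1) for kv in detail.split())
            if fields.get("result") == "success":
                if fields.get("mfa") == "no":
                    last_weak_login[user] = ts
                else:  # a later MFA-backed login clears the flag
                    last_weak_login.pop(user, None)
        elif source == "proc" and user in last_weak_login:
            tool = watchlisted(detail)
            if tool and ts - last_weak_login[user] <= window:
                alerts.append((user, last_weak_login[user], tool, ts))
    return alerts

if __name__ == "__main__":
    for user, login, tool, ran in correlate(SAMPLE_LOG):
        print(f"ALERT {user}: {tool} at {ran} after no-MFA VPN login at {login}")
```

Legitimate use of WinRAR or AnyDesk after an MFA-backed login is not flagged, which keeps the alert volume tied to the weak-authentication condition the advisory singles out.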


What is Akira ransomware?

Based on the advisory report, there is a new ransomware operation named Akira that has recently emerged in the cyber world. This ransomware has been active since March 2023.

The method used by this gang involves acquiring victims' information and then employing double extortion techniques to encrypt data on their systems, subsequently demanding ransom payments. The advisory highlights that these malicious activities often go undetected as the tools used by the attackers are often familiar and easily overlooked by the victims. Therefore, caution is advised when downloading files from unknown sources, especially through messaging platforms like WhatsApp.


In recent months, CERT-In (Computer Emergency Response Team-India) has issued warnings about two other forms of ransomware. The first is Bl00dy ransomware, which specifically targeted the education sector in June. The second is Trigona ransomware, which poses a threat to various systems. These instances serve as reminders of the evolving and persistent nature of ransomware attacks.


In a significant incident that occurred in December of the previous year, five servers of India's esteemed medical facility, the All India Institute of Medical Sciences (AIIMS) in Delhi, were victims of a cyber-attack. The perpetrators managed to access the AIIMS information technology network due to inadequate network segmentation. As a result, an estimated 1.3 terabytes of data were encrypted, causing severe disruption to the hospital's critical applications. 

This disruption caused inconvenience not only to patients but also to doctors, paramedics, and administrative staff. The necessary measures to rectify the problem took approximately a week to complete, highlighting the significant impact and recovery challenges posed by such attacks.
