Cyber Alert: The country’s Federal Cyber Security Agency has issued its latest advisory to Internet users and warned them that in the cyber world, the Internet virus Akira is stealing personal information and encrypting data. The virus is doing this so that it can extort ransom money from people, so all users are asked to be careful. Giving information, he said, a ransomware named ‘Akira’ has been detected recently and is known to be active in the cyber world. Through this virus, cyber attackers steal victims’ data and encrypt the data present on their computers and force the victims to pay a double ransom in exchange for the return of the data.
Targeting Windows and Linux based systems
In the latest advisory issued by the Indian Computer Emergency Response Team (CERT-In) to internet users, in case of non-payment by victims, they expose their data to dark web blogs. If you don’t know, let us tell you that CERT-In is the central technology unit that fights cyber attacks and protects the cyber world from online attacks like espionage and hacking. Providing information, CERT-In said that this is the latest malware that steals people’s personal data and encrypts their data to extract huge ransom money from them. The advisory issued states that this new malware is targeting Windows and Linux based systems.
How dangerous Akira can be
If you don’t know, let us tell you that ransomware is a type of computer malware that blocks users from accessing their own data and systems. Later, it demands a ransom from the users to return their access. In a recently issued advisory, the Indian Computer Emergency Response Team has told internet users that a recently released ransomware operation called Akira is reported to be active in cyberspace.
How does Akira work?
According to the advisory issued, this group steals the personal information of the victims in the initial stage. After stealing data, it encrypts its system. By encrypting the data, he forces the victims to steal the ransom money. If the victim agrees to pay the ransom, then a fine and if he refuses to do so, the hackers publish the victim’s data on their dark web blogs. As we told you earlier that CERT-In is the central technology arm for countering cyber attacks, which keeps the cyber space safe against fixing and hacking attacks as well as other online attacks.
What was said in the advisory?
The ransomware group also used tools like AnyDesk, WinRAR and PCHunter during infiltration, the advisory issued said. All these tools are often installed on the victim’s computer and their abuse goes unnoticed. Akira’s technical intrusion description states that Akira deletes copies of Windows shadow volumes on target devices. The ransomware then encrypts the files with a set of predefined extensions and adds an Akira extension to each encrypted file name during this encryption process. During the encryption phase, the ransomware shuts down active Windows services using the Windows Restart Manager API. Ransomware encrypts files found in various hard drive folders except program data, recycle bin, boot, system volume information, and Windows folders. Once this happens, the user has no control over his system.
How to stay safe
Issuing an advisory for Internet users, CERT-In has suggested using basic security protocols to stay safe from such virus attacks in the online space. The advisory also states, keep operating systems and applications updated regularly and consider virtual patching to protect older systems and networks. He said, by doing this, cyber attacks can be stopped.
