Today's Headlines - 04 August 2023
CERT-In flagged Akira ransomware
GS Paper - 3 (ICT)
The central government’s Computer Emergency Response Team (CERT-In) issued an advisory flagging the emergence of a new ransomware called Akira. The Gurgaon police have also raised an alert about Akira.
What is Ransomware?
Ransomware is essentially a kind of malware — software used to gain unauthorised access to systems to steal data. This data can then be used by cyber criminals to demand a ransom.
Akira targets computer systems that run on Windows and Linux operating systems and is known to spread laterally across networks.
According to the advisory issued by the government, Akira steals personal data, encrypts it, and later extorts money from the victims.
In case a user refuses to pay, the ransomware actors threaten to release their data on the dark web.
What is Akira?
Akira is a new family of ransomware that was used for cyber attacks in the US and Canada in March this year.
This is different from the Akira ransomware that was flagged by Microsoft Defender Antivirus in 2017. In the US, the ransomware was reported to actively target several organisations and expose their sensitive data.
Akira uses a double-extortion technique to exfiltrate and encrypt data to increase the chances of extracting money from its victims.
It was first flagged in April, and a majority of its victims are from the US. Akira is in the news now because of the number of organisations it has impacted in the US and the latest advisory from the government.
How is Akira different from other ransomware?
The Akira operators' routine includes exfiltrating data from hacked networks, then triggering encryption and posting a ransom demand.
Reportedly, once the gang is convinced that it has stolen enough data to extort money from the victim, they deploy Akira’s payload.
They delete Windows Shadow Volume copies (a Microsoft Windows technology that creates backup copies) from the devices using a PowerShell command. PowerShell commands are text-based instructions used to perform tasks and manage systems, files, and settings.
After running the PowerShell command, the ransomware proceeds to encrypt a wide range of data file types and adds the ‘.akira’ extension to them.
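A defender-side sketch of the sequence described above, added here as an example and not taken from the CERT-In advisory or the original article: it correlates a PowerShell shadow-copy deletion with later '.akira' file creations on the same host. The event format, the sample command lines, the 30-minute window and the three-file threshold are assumptions, and all log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
MIN_FILES = 3                   # assumed threshold of '.akira' files per host

# Constructed sample telemetry: (timestamp, host, kind, detail)
EVENTS = [
    ("2023-08-04T10:00:05", "FS01", "process",
     'powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"'),
    ("2023-08-04T10:02:00", "FS01", "file", r"D:\share\report.docx.akira"),
    ("2023-08-04T10:02:30", "FS01", "file", r"D:\share\db.bak.akira"),
    ("2023-08-04T10:03:00", "FS01", "file", r"D:\share\plan.xlsx.AKIRA"),
    ("2023-08-04T10:00:00", "WS02", "process",
     "powershell.exe Get-CimInstance Win32_ShadowCopy"),  # listing only, no removal
    ("2023-08-04T10:05:00", "WS02", "file", r"C:\Users\a\notes.txt"),
    ("2023-08-04T11:00:00", "WS03", "file", r"C:\tmp\sample.akira"),  # no deletion seen
]

def is_shadow_delete(cmdline):
    """True for a PowerShell command line naming shadow copies plus a removal verb."""
    c = cmdline.lower()
    return ("powershell" in c and "shadow" in c
            and re.search(r"\b(remove|delete)", c) is not None)

def detect(events):
    """Return {host: ['.akira' paths]} where a deletion precedes the renamed files."""
    deleted_at = {}
    hits = defaultdict(list)
    for ts, host, kind, detail in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        if kind == "process" and is_shadow_delete(detail):
            deleted_at[host] = when
        elif kind == "file" and detail.lower().endswith(".akira"):
            start = deleted_at.get(host)
            if start is not None and when - start <= WINDOW:
                hits[host].append(detail)
    return {h: p for h, p in hits.items() if len(p) >= MIN_FILES}

if __name__ == "__main__":
    for host, paths in detect(EVENTS).items():
        print(f"ALERT {host}: shadow copies deleted, {len(paths)} files renamed to .akira")
```

Requiring both signals on one host keeps routine shadow-copy listing (WS02) and a stray file that merely ends in '.akira' (WS03) from raising an alert.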