Recently, the Computer Emergency Response Team of India issued an alert for ransomware dubbed Akira.
GS III: Security Challenges
Dimensions of the Article:
- About Akira Ransomware
- What is ransomware?
- What is Cyber Attack and Cyber Security?
- What are other similar types of Cyber Attacks?
About Akira Ransomware
- Akira ransomware is malicious software designed to encrypt data on targeted devices, leaving it inaccessible to users.
- It appends the “.akira” extension to the filenames of all encrypted files, giving it its name.
- The ransomware also creates a ransom note and deletes Windows Shadow Volume copies to hinder data recovery.
- The ransomware closes processes and Windows services that could prevent it from encrypting files.
- It exploits VPN services, especially when users haven’t enabled two-factor authentication, to deliver malicious files.
- The ransomware uses the Windows Restart Manager API to terminate active Windows services, ensuring smooth encryption.
- It avoids encrypting crucial system folders like Program Data, Recycle Bin, Boot, and System Volume Information to maintain system stability.
- Certain Windows system files with extensions like “.syn,” “.msl,” and “.exe” are also left unmodified.
- Once data is encrypted and stolen, Akira leaves a ransom note named “akira_readme.txt,” providing information about the attack and a link to the negotiation site.
- Each victim receives a unique negotiation password to communicate with the ransomware gang through the threat actor’s Tor site.
- Unlike typical ransomware operations, Akira’s negotiation site employs a chat system, allowing direct communication with the ransomware gang.
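The two file-system indicators listed above (the ".akira" extension appended to file names and the "akira_readme.txt" ransom note) can be used to triage a file listing from a server or share. The following is an added example, not part of the original article or the CERT-In alert; the sample paths, the function names and the three-file threshold are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

ENCRYPTED_EXT = ".akira"          # extension named in the article
RANSOM_NOTE = "akira_readme.txt"  # ransom note name given in the article

def triage(paths, min_encrypted=3):
    """Score each directory in a file listing for the two Akira indicators.

    min_encrypted is an assumed threshold, not a value from the advisory.
    Returns only directories that show at least one indicator.
    """
    stats = defaultdict(lambda: {"encrypted": 0, "total": 0, "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)          # parses Windows paths on any OS
        d = stats[str(p.parent)]
        name = p.name.lower()             # Windows file names are case-insensitive
        if name == RANSOM_NOTE:
            d["note"] = True
            continue                      # the note itself is not user data
        d["total"] += 1
        if name.endswith(ENCRYPTED_EXT):
            d["encrypted"] += 1
    report = {}
    for directory, d in stats.items():
        if not d["note"] and d["encrypted"] == 0:
            continue
        both = d["note"] and d["encrypted"] >= min_encrypted
        report[directory] = {**d, "verdict": "likely-encrypted" if both else "suspicious"}
    return report

def restore_list(paths):
    """Original file paths to look for in backups (extension is appended, so strip it)."""
    return sorted(p[:-len(ENCRYPTED_EXT)] for p in paths
                  if p.lower().endswith(ENCRYPTED_EXT))

# Constructed sample listing, not data from a real incident.
SAMPLE = [
    r"C:\Share\Finance\q1.xlsx.akira",
    r"C:\Share\Finance\q2.xlsx.akira",
    r"C:\Share\Finance\payroll.docx.AKIRA",
    r"C:\Share\Finance\akira_readme.txt",
    r"C:\Share\HR\policy.pdf",
    r"C:\Share\HR\akira_readme.txt",
    r"C:\Share\Public\logo.png",
    r"C:\Users\dev\notes.akira.txt",      # ".akira" is not the final extension
]

if __name__ == "__main__":
    for directory, info in triage(SAMPLE).items():
        print(directory, info)
    print(restore_list(SAMPLE))
```

A directory holding only the note, or only a few ".akira" files, is reported as "suspicious" rather than "likely-encrypted" so that an analyst reviews it before restoring from backup.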
What is ransomware?
- Ransomware is a type of malicious software used by cyber criminals to infect a computer system and block access to the stored data by encrypting the files.
- A ransom is then demanded from the owner in exchange for the decryption key.
- While it is not yet clear how exactly the AIIMS computer systems were targeted, the malware is usually injected remotely by tricking the user into downloading it by clicking an ostensibly safe web link sent via email or other means, including hacking.
- It can spread throughout the network by exploiting existing vulnerabilities. Ransomware attacks can also be accompanied by theft of sensitive data for other sinister motives.
What is Cyber Attack and Cyber Security?
- A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks. Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware and denial of service.
- Cybersecurity means securing cyberspace from attack, damage, misuse and economic espionage. Cyberspace is a global domain within the information environment consisting of interdependent IT infrastructure such as the Internet, telecom networks, computer systems, etc.
What are other similar types of Cyber Attacks?
- Viruses are the most commonly known form of malware and potentially the most destructive. They can do anything from erasing the data on your computer to hijacking your computer to attack other systems, send spam, or host and share illegal content.
- A worm is a type of malware that spreads copies of itself from computer to computer. It can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.
- A Trojan is a type of malware that is often disguised as legitimate software. It can be employed by cyber-thieves and hackers trying to gain access to users’ systems.
- Spyware collects your personal information and passes it on to interested third parties without your knowledge or consent. Spyware is also known for installing Trojan viruses.
- Adware displays pop-up advertisements when you are online.
- Fake security software poses as legitimate software to trick you into opening your system to further infection, providing personal information, or paying for unnecessary or even damaging “clean ups”.
- Browser hijacking software changes your browser settings (such as your home page and toolbars), displays pop-up ads and creates new desktop shortcuts. It can also relay your personal preferences to interested third parties.
Which agencies in India deal with cyber-attacks?
- Set up in 2004, the Indian Computer Emergency Response Team (CERT-In) is the national nodal agency that collects, analyses and circulates inputs on cyber-attacks; issues guidelines, advisories for preventive measures, forecasts and issues alerts; and takes measures to handle any significant cyber security event.
- It also imparts training to computer system managers.
- The National Cyber Security Coordinator, under the National Security Council Secretariat, coordinates with different agencies at the national level on cybersecurity issues, while the National Critical Information Infrastructure Protection Centre has been set up for the protection of national critical information infrastructure.
- According to the government, the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for detection of malicious software programmes and to provide free tools to remove the same, while the National Cyber Coordination Centre works on creating awareness about existing and potential threats.
-Source: The Hindu