This computer malware is targeting Windows and Linux-based systems, it said.
The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology has cautioned internet users against a ransomware virus called Akira. It steals vital personal information and encrypts data leading to extortion of money from people, the country's federal cyber security agency has said in the latest advisory. This computer malware is targeting Windows and Linux-based systems, it said.
"A recently emerged ransomware operation dubbed Akira is reportedly active in cyberspace. This group first steals the information from victims, then encrypt data on their systems and conducts double extortion to force the victim into paying the ransom," it said.
"In case the victim does not pay, they release their victim's data on their dark web blog," CERT-In said in a latest advisory to internet users. The agency is the central technology arm to combat cyber attacks and guards the cyber space against phishing and hacking assaults and similar online attacks.
READ | Nagpur: Man loses Rs 58 crore in online gambling, Rs 14 crore cash, 4 kg gold biscuit recovered from scammer
It said the ransomware group is "known to access victim environments via VPN (virtual private network) services, particularly where users have not enabled multi-factor authentication." Ransomware is a computer malware that infects and blocks users from using their own data and system and they can get it back against a pay-off.
How does it work?
This ransomware group has also utilised tools such as AnyDesk, WinRAR, and PCHunter during intrusions, it said, adding these tools are often found in the victim's environment, and their misuse typically goes unnoticed.
Describing the technical intrusion of the virus, the advisory said 'Akira' deletes the Windows Shadow Volume Copies on the targeted device. The ransomware subsequently encrypts files with a predefined set of extensions and a '.Akira' extension is appended to each encrypted file's name during this encryption process, it said.
In the encryption phase, the ransomware terminates active Windows services using the Windows Restart Manager API. This step prevents any interference with the encryption process, the advisory stated.
The ransomware encrypts files found in various hard drive folders, excluding the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows folders.
(With inputs from PTI)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
 "Centre cautions internet users against ransomware Akira which steals personal data to extort money")
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}