


{"id":13609,"date":"2023-08-01T03:24:07","date_gmt":"2023-07-31T21:54:07","guid":{"rendered":"https:\/\/vajiramandravi.com\/current-affairs\/?p=13609"},"modified":"2025-04-02T05:46:24","modified_gmt":"2025-04-02T00:16:24","slug":"akira-ransomware","status":"publish","type":"post","link":"https:\/\/vajiramandravi.com\/current-affairs\/akira-ransomware\/","title":{"rendered":"Akira Ransomware"},"content":{"rendered":"<h2><strong>About Akira Ransomware:<\/strong><\/h2>\n<p>&nbsp;<\/p>\n<ul>\n<li>It is <strong>designed to encrypt data<\/strong>, create a ransomware note and delete Windows Shadow Volume copies on affected devices.<\/li>\n<li>The ransomware gets its name due to its ability to modify filenames of all encrypted files by appending <strong>them with the \u201c.akira\u201d extension.<\/strong><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3>How does Akira Ransomware work?<\/h3>\n<ul>\n<li>The ransomware is designed to <strong>close processes or shut down Windows services<\/strong> that may keep it from encrypting files on the affected system.<\/li>\n<li>It uses VPN services, especially when users have not enabled two-factor authentication, to trick users into downloading malicious files.<\/li>\n<li>The ransomware also <strong>terminates active Windows services<\/strong> using the Windows Restart Manager API, preventing any interference with the encryption process.<\/li>\n<li>It is designed <strong>to not encrypt Program Data, Recycle Bin, Boot, System<\/strong> Volume information, and other folders instrumental in system stability.<\/li>\n<li>It also avoids modifying Windows system files with extensions like .syn, .msl and .exe.<\/li>\n<li>Once sensitive data is stolen and encrypted, the ransomware <strong>leaves behind a note named akira_readme.txt<\/strong> which includes information about the attack and the link to Akira\u2019s leak and negotiation site.<\/li>\n<li>Each victim is given a unique negotiation password to be entered into the threat actor\u2019s Tor site.<\/li>\n<li>Unlike other ransomware operations, this negotiation <strong>site just includes a chat system that the victim can use to communicate<\/strong> with the ransomware gang.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3>How does ransomware infect devices?<\/h3>\n<ul>\n<li>Ransomware is typically <strong>spread through spear phishing emails<\/strong> that contain malicious attachments in the form of archived content (zip\/rar) files.<\/li>\n<li>Other methods used to infect <strong>devices include drive-by-download<\/strong>, a cyber-attack in which malicious code is downloaded onto a device without the user intending it, and specially crafted web links in emails, clicking on which downloads malicious code.<\/li>\n<li>The ransomware reportedly also spreads through <strong>insecure Remote Desktop connections.<\/strong><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<hr \/>\n<h3>Q1) What is an operating system?<\/h3>\n<p>An operating system (OS) is a software program that manages computer hardware and software resources and provides services for computer programs. 
It acts as an intermediary between applications and the computer hardware, allowing users and applications to interact with the computer efficiently and effectively.<\/p>\n<p><strong>Source:\u00a0<\/strong><a href=\"https:\/\/www.thehindu.com\/sci-tech\/technology\/what-is-the-akira-ransomware\/article67134462.ece\" target=\"_blank\" rel=\"nofollow noopener\"><u>What is the Akira ransomware, and why has the government issued a warning against it?<\/u><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Akira Ransomware is designed to encrypt data, create a ransomware note and delete Windows Shadow Volume copies on affected devices.<\/p>\n","protected":false},"author":5,"featured_media":13610,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-13609","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-upsc-prelims-current-affairs","8":"no-featured-image-padding"},"acf":[],"_links":{"self":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/13609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/comments?post=13609"}],"version-history":[{"count":0,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/posts\/13609\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/media\/13610"}],"wp:attachment":[{"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v
2\/media?parent=13609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/categories?post=13609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vajiramandravi.com\/current-affairs\/wp-json\/wp\/v2\/tags?post=13609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}