
Akira Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 14
First Seen: September 1, 2017
Last Seen: July 3, 2021
OS(es) Affected: Windows

The Akira Ransomware is an encryption ransomware Trojan used to trick inexperienced computer users. Trojans of this kind encrypt the victim's files, making them unusable, and then demand a ransom payment in exchange for the decryption key necessary to recover the affected files. Unfortunately, these Trojans use very strong encryption algorithms that make it nearly impossible to recover files encrypted by the attack. Because of this, having file backups is necessary to avoid losing data to these infections.

The Akira Ransomware Seems to be the Work of an Independent Developer

Encryption ransomware Trojans are among the most common threat types active today. In the last two years, encryption ransomware Trojans like the Akira Ransomware have increased their presence in the wild substantially, which makes it more important than ever to take appropriate precautions against these threats. PC security researchers first observed the Akira Ransomware on August 28, 2017. The Akira Ransomware does not seem to belong to a larger family of ransomware or to use a Ransomware as a Service (RaaS) model. It is probably the work of independent threat actors, although it seems very similar to most other encryption ransomware Trojans active today. PC security researchers observed that the Akira Ransomware seems to be incomplete and still in a testing phase. It was spotted on an online security platform; con artists often submit unfinished versions of their new threats to such platforms to test whether the new Trojans can evade anti-virus detection.

How the Akira Ransomware Works

Like most encryption ransomware Trojans, the Akira Ransomware works by encrypting the victims' files using a strong encryption algorithm. However, the current version of the Akira Ransomware does not encrypt as many file types as most ransomware Trojans; in fact, it seems to target only video files. This may indicate that the Akira Ransomware is aimed at specific targets (such as video sharing Web platforms) or, more likely, it is a symptom of the Akira Ransomware being unfinished. The Akira Ransomware is currently being distributed through hacked, unprotected websites, specifically by taking advantage of vulnerabilities on WordPress-powered websites. During its attack, the Akira Ransomware uses a combination of AES and RSA encryption to make the victim's files unusable, and it marks each file it encrypts by adding the file extension '.akira'. The Akira Ransomware also deletes the Shadow Volume copies of the files to prevent computer users from recovering their files through this alternate method. After encrypting the victim's files, the Akira Ransomware displays a ransom note demanding a ransom payment from the victim in exchange for decrypting the affected files. PC security researchers advise computer users not to pay any ransom associated with the Akira Ransomware attack.
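The '.akira' marker described above lets a responder scope which folders need to be restored from backup. The following Python script is an added example, not code from the original page. The video-extension list, the function names and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".akira"  # extension the page says is added to each encrypted file
# Assumption: common video extensions; the page does not list the exact types targeted.
VIDEO_EXTS = {".mp4", ".avi", ".mkv", ".mov", ".wmv", ".flv", ".mpg", ".mpeg"}


def scan(root):
    """Walk root and return sorted (path, original_ext, is_video) tuples for marked files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[: -len(MARKER)]      # file name before the marker was appended
            ext = Path(original).suffix.lower()  # '' when no original extension survives
            hits.append((os.path.join(dirpath, name), ext, ext in VIDEO_EXTS))
    return sorted(hits)


def summarize(hits):
    """Count marked files per directory, to scope what must be restored from backup."""
    return Counter(os.path.dirname(path) for path, _ext, _video in hits)


def build_sample_tree(root):
    """Constructed sample data: empty files only, no real user content."""
    names = ["videos/trip.mp4.akira", "videos/demo.AVI.akira",
             "videos/intact.mkv", "docs/report.docx", "docs/notes.txt.akira"]
    for rel in names:
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = scan(tmp)
        for path, ext, video in hits:
            tag = "video" if video else "non-video (unexpected for this variant)"
            print(f"{os.path.relpath(path, tmp)}  original={ext or '?'}  {tag}")
        for folder, count in summarize(hits).items():
            print(f"{os.path.relpath(folder, tmp)}: {count} marked file(s)")
```

A marked file whose original extension is not a video type does not match the behaviour described on this page and is worth a closer look before restoring.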

Dealing with an Akira Ransomware Infection

The best protection against ransomware Trojans like the Akira Ransomware is to have measures in place to help you recover your files after an attack. Computer users who have file backups can restore the affected files quickly and easily. Apart from keeping file backups, computer users should use a reliable, fully up-to-date security program to intercept the Akira Ransomware and similar infections, and should apply any security updates available for website platforms to prevent these attacks.

