Print Friendly, PDF & Email

Akira ransomware

Facts for Prelims (FFP)

Source: TH


Context: The Akira ransomware is a type of ransomware that targets both Windows and Linux devices.

  • It encrypts data on the affected devices, appends filenames with the “.akira” extension, and deletes Windows Shadow Volume copies to prevent data recovery.
  • The ransomware also terminates Windows services to ensure uninterrupted encryption. After stealing and encrypting sensitive data, the attackers demand a ransom, threatening to release the data on the dark web if their demands are not met.


How it works?

  • The ransomware is spread through spear phishing emails with malicious attachments, drive-by downloads, specially crafted web links in emails, and insecure Remote Desktop connections.
  • It has targeted various domains, including education, finance, real estate, manufacturing, and consulting, and once inside a corporate network, it spreads laterally to other devices using stolen Windows domain admin credentials.


To protect against Akira ransomware and other similar threats, users are advised to:

  • Maintain up-to-date offline backups
  • Keep operating systems and networks updated
  • Implement strong password policies and multi-factor authentication
  • Enforce data encryption
  • Block attachment file types that are commonly associated with malicious code
  • Regular security audits of critical systems