Free decryptor released for the Akira ransomware
Czech cybersecurity firm Avast released a free decryptor for the Akira ransomware to help victims to recover their data without paying a ransom.
Akira is a relatively new ransomware strain first spotted in March 2023. Before triggering Akira’s encryption process and posting a ransom demand, the operators behind the ransomware exfiltrate data from compromised machines. Then the hackers deploy Akira's payload.
The ransomware encrypts data, appends the “.akira” extension to the filenames of all affected files, and creates a ransom note. Upon execution, Akira runs a PowerShell command to delete Windows Shadow Volume Copies on the device.
The ransomware avoids certain folders, including Recycle Bin, System Volume Information, Boot, ProgramData, and Windows, as well as specific Windows system files with .exe, .lnk, .dll, .msi, and .sys extensions.
Last month, cybersecurity researchers spotted a Linux variant of the Akira ransomware targeting VMware ESXi virtual machines.
Latest Posts
What is Vulnerability Management? A Beginner's Guide
In this article will try to cover basics of vulnerability management process and why it is important to every company.
Cyber Security Week in Review: September 6, 2024
In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore
Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.