RANSOMWARE VIRUS 'AKIRA' (Syllabus: GS Paper 3 - Cyber Security)

News-CRUX-10     25th July 2023        

Context: 'Akira', an Internet ransomware virus that steals vital personal information and encrypts data in order to extort money from people, has been reported in cyberspace, the Indian Computer Emergency Response Team (CERT-In) said.

Key Points

  • The ransomware group is "known to access victim environments via VPN [virtual private network] services, particularly where users have not enabled multi-factor authentication." 
  • Ransomware is computer malware that infects a system and blocks users from using their own data and system, which they can get back against a pay-off.
  • This ransomware group has also utilised tools such as AnyDesk, WinRAR, and PCHunter during intrusions.
  • These tools are often found in the victim's environment, and their misuse typically goes unnoticed.

Computer Emergency Response Team (CERT-In)

  • CERT-In: It is an organisation of the Ministry of Electronics and Information Technology with the objective of securing Indian cyberspace.
  • Functions: It is the nodal agency which deals with cybersecurity threats like hacking and phishing.
    • CERT-In provides Incident Prevention and Response Services as well as Security Quality Management Services.
  • Power: It is empowered under Section 70B of the Information Technology Act to collect, analyse and disseminate information on cyber security incidents.
  • Mandates of the CERT-In:
    • Mandatorily Enable Logs: It requires all service providers, intermediaries, data centres, corporates and government organisations to mandatorily enable logs of all their ICT (Information and Communication Technology) systems.
    • Connect and Synchronize all ICT systems: To ensure the chain of events is accurately reflected in the time frame, service providers have been asked to connect and synchronize all their ICT system clocks to the Network Time Protocol (NTP) Server of the National Informatics Centre (NIC) or National Physical Laboratory (NPL).
    • Requires Maintaining Records: It also requires virtual asset, exchange, and custodian wallet providers to maintain records on KYC and financial transactions for a period of five years.