Malware (Malicious Software), Types of Malware & Akira Ransomware

Context (IE | TH ): Computer Emergency Response Team of India (CERT-In) issued an alert for ransomware malware named “Akira”.

Malware (malicious software)

Malware is any program (computer code)/file that is harmful to the user of an electronic device.
Malware can monitor/steal/encrypt/alter/delete data and hijack core computing functions.
Mobile malware can access the device’s components, such as the camera, microphone, GPS, etc.

Malware can be delivered to a device with a USB drive or can spread over the internet through downloads, softwares, applications, etc.
Phishing attacks are a common type of malware delivery where emails/SMS/Whatsapp messages disguised as legitimate messages contain malicious links/attachments that deliver the malware.

Virus: malware which can execute itself and spread by infecting other programs or files.
Worm: self-replicating malware that typically spreads without any human interaction.
Trojan horse: designed to appear as a legitimate program in order to gain access to a system. Once activated, Trojans can execute their malicious functions.
Spyware: malware that collects data on the device and spy on activities of unsuspecting users.
Ransomware: malware that infects a user’s system and encrypts the data. Cybercriminals then demand a ransom payment from the victim in exchange for decrypting the system’s data.
Rootkit: malware created to obtain administrator-level access to the victim’s system. Once installed, the program gives threat actors root or privileged access to the system.
Adware: malware used to track a user’s browser and download history with the intent to display pop-up or banner advertisements that lure the user into making a purchase.
Keyloggers: also called system monitors, are used to see nearly everything a user does on their computer. This includes emails, opened web pages, programs and keystrokes.

Ransomware encrypts the victim’s data or locks them out of their computer systems.
The attackers then demand a ransom from the victim (usually payable in cryptocurrency like Bitcoin) in exchange for providing the decryption key or restoring access to the system.
It typically spreads through phishing emails that contain malicious attachments.
Ransomware attacks are a significant cybersecurity threat, causing disruptions, financial losses, and data breaches to individuals, businesses, and organisations worldwide.

Akira ransomware target both Windows and Linux devices.
It uses Virtual Private Network (VPN) services to trick users into downloading malicious files.
After infecting a sytem, it shuts down Windows services that restrict it from encrypting files.
Once it steals/encrypts sensitive data, the group behind the attack extorts the victims for a ransom, threatening to release the data on their dark web blog.

Virtual Private Network (VPN): It is a technology that allows users to create a secure and encrypted connection to the internet.
When you connect to a VPN server, your internet traffic is routed through an encrypted tunnel, making it difficult for third parties, including internet service providers and potential hackers, to monitor or intercept your online activities.

Virtual Private Network (VPN)

Dark Web: It is a part of the internet that is intentionally hidden and not indexed by traditional search engines. They are accessible only by a specialized web browser.

It is a subset of the deep web, which includes all web pages that are not indexed by search engines (such as private databases, intranets, and password-protected sites).
It can be accessed using specialized software and is generally associated with illegal activities.

Context (TH | IE | TH | IE): Apple alerted opposition leaders of a “potential state-sponsored spyware attack” on their iPhones.

Undermining trust in elections: Spyware can manipulate public opinion, gather information on political opponents, or spread disinformation.
Silencing dissent: Spyware can monitor and track dissidents, activists, and journalists.
Surveillance of political figures: State-sponsored spyware can monitor political opponents.
Violates privacy: It undermines the personal freedoms and civil liberties the Constitution grants.

The IT Act 2000 is the primary law governing cybercrime in India. Certain provisions of the Act can be used to prosecute spyware developers and users.
The IT Act
- Prohibits sending unsolicited commercial communications, which could include spyware
- Prohibits the sending of offensive messages, which could also include spyware
- Prohibits the hacking of computer systems, which could include the installation of spyware.
- Empowers the GoI to intercept, monitor, or decrypt computer data for national security, public order, or crime prevention

In 2021, Pegasus spyware created by the Israeli cybersecurity firm NSO Group allegedly targeted mobile phones in multiple countries, including India.
The Supreme Court formed an Expert Committee led to investigate Pegasus spyware allegations.
The committee did not find conclusive evidence of Pegasus spyware on the examined phones.

CERT-In is the national nodal agency to deal with cyber security threats like hacking and phishing.
It is an office within the Ministry of Electronics and Information Technology (MeitY).
It was formed in 2004 under Information Technology Act, 2000.