Tuesday, January 14, 2020

Ako Ransomware

Ako is a very recent ransomware strain that spreads through networks. According to BleepingComputer, it was found targeting an entire network instead of individual workstations. How does it work? The ransomware deletes the shadow volume copies and backups, then disables the Windows Recovery Environment. During file encryption, it adds randomly generated extensions to the files, skipping files with the .exe, .sys, .dll, .ini, .key, and .rdp extensions. It checks other connected machines on the network to complete the encryption process. In the end, the ransomware places a file labeled "ako-readme.txt" on the desktop. Ako ransomware is a very serious threat: by infecting the entire network, it forces the victim companies to pay the ransom, which could cost them millions.

Source: https://cyware.com/news/ako-ransomware-could-be-the-next-threat-to-your-network-f2ff369b
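A defender-side triage sketch for the behaviours listed above, added here as an example and not taken from the post or its source: it scans process and file-creation events for recovery tampering and the `ako-readme.txt` note, and escalates when the note appears on several hosts. The event schema, host names, and the specific command-line patterns (vssadmin, wmic, wbadmin, bcdedit) are assumptions; the post names the behaviours but not the commands.

```python
import re
from collections import defaultdict

# Assumed command-line patterns for the behaviours the post describes; the post
# names only the behaviours (shadow copies/backups deleted, recovery disabled).
INHIBIT_RECOVERY = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_catalog_delete": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "recovery_disabled": re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
}
RANSOM_NOTE = "ako-readme.txt"  # file name given in the post

def triage(events):
    """Return {host: sorted signal names} for hosts showing the described behaviour."""
    hits = defaultdict(set)
    for ev in events:
        if ev["type"] == "process":
            for name, pattern in INHIBIT_RECOVERY.items():
                if pattern.search(ev["cmdline"]):
                    hits[ev["host"]].add(name)
        elif ev["type"] == "file_create":
            fname = ev["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if fname == RANSOM_NOTE:
                hits[ev["host"]].add("ransom_note")
    return {host: sorted(signals) for host, signals in hits.items()}

def network_wide(findings, min_hosts=2):
    """List hosts with a ransom note once min_hosts or more show it (network spread)."""
    noted = sorted(h for h, s in findings.items() if "ransom_note" in s)
    return noted if len(noted) >= min_hosts else []

# Constructed sample events (not real telemetry); the schema is hypothetical.
SAMPLE = [
    {"host": "WS01", "type": "process", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS01", "type": "process", "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"host": "WS01", "type": "file_create", "path": r"C:\Users\alice\Desktop\ako-readme.txt"},
    {"host": "FS02", "type": "file_create", "path": r"C:\Users\svc\Desktop\ako-readme.txt"},
    {"host": "WS03", "type": "process", "cmdline": "vssadmin list shadows"},
]

if __name__ == "__main__":
    found = triage(SAMPLE)
    for host, signals in sorted(found.items()):
        print(host, signals)
    print("network-wide:", network_wide(found))
```

Recovery-tampering signals fire before the note is written, so alerting on them alone gives earlier warning than waiting for `ako-readme.txt` to appear.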

5 comments:

  1. Ransomware is certainly one of the most pervasive topics in computer security. I do know that there is research being done on certain strains. Some strains can be decrypted using specialized tools.

  2. Ransomware is dangerous crypto-malware that targets major corporations. It has a powerful encryption algorithm to lock all the targeted files, such as images, videos, documents, etc., until the victims contact the attacker to pay them a large sum of money.

  3. Ransomware is still prevalent today, with WannaCry making headlines a while back. Every company should have at least some sort of backup though. Either offsite, one that is never online, etc. I think it's always cheaper to break your losses and restore back to the most recent backup. How would you know that the guys holding your data hostage will even decrypt your files once the ransom is paid? -Toufue

  4. This comment has been removed by the author.

  5. Wow, this one is crazy. I didn't realize there was a ransomware out there that deletes the shadow copy. Every company really needs to use a cloud backup service to protect against ransomware. At my company we push the use of Veeam as a backup solution. Many of our new clients came to RSM because they were infected by ransomware and their previous IT provider had no offsite backups and therefore was ineffective in restoring the company's data. Crazy thing is one of these companies makes the fins and nosecones for military grade guided missiles for the US government - Josh S
