Sunday, May 15, 2022

Ako Ransomware


Ako is a ransomware-type infection that encrypts files of nearly all types. As soon as encryption is done, Ako places a special text file into every folder that contains encrypted data.

Threat summary
Name: Ako virus
Type: Ransomware, crypto virus, files locker
Encrypted file extension: a random string of characters
Ransom demanding message: ako-readme.txt
Ransom amount: 0.479/0.9576 of Bitcoin
Bitcoin wallet address: 1DUBrMcH9T13oFSa59jxtFDM5eWTP8v2yc
Distribution methods: Infected email attachments (macros), torrent websites, mail cloud ads
Symptoms: Cannot open files stored on your computer; previously functioning files now have different extensions.
Removal: scanning your computers with SpyHunter


What is Ako?

There are two variants of Ako ransomware; they differ only in the way victims are supposed to contact the cybercriminals to pay the ransom. Both variants create a text file named “ako-readme.txt”, also known as the ransom note. In one version of the note, victims are instructed to contact the cybercriminals via email; in the second, they are ordered to pay the ransom through a Tor website. Both variants also generate “id.key” files and drop them in the folders that contain encrypted files. All encrypted files are then renamed by appending a random extension to their filenames. For example, a file named “6.jpg” gets renamed to “6.jpg.2mzWmb”, and so on. They do the same with the ransom notes. In both versions of the ransom note, ako-readme.txt, victims are told that all their files are encrypted and that the only way to decrypt them is to purchase a unique key. One version contains two email addresses (dudegoldman@cock.li and david@firemail.cc) that should be used to contact the cybercriminals.


These email addresses are used by the Ako developers to provide more details on how to purchase the key. The other variant contains a website link that can be opened with the Tor browser. On the Tor website, victims have to enter the personal ID taken from the second version of the “ako-readme.txt” text file and follow the further instructions. As mentioned on that website, the decryption tool can be purchased after transferring 0.479 of Bitcoin to a provided BTC wallet address. The price of decryption is increased if payment is not made within two days after encryption. This increment is 0.9576 of Bitcoin.

Only the Ako developers can help their victims decrypt the encrypted files; at this moment, there are no other tools capable of decryption. But the developers cannot be trusted too much. There is a fair chance that they will not provide the decryption tools and/or keys even after payment, so people who pay might get scammed. In most cases, a backup is the only possible way to recover files and avoid data loss. After victims remove the ransomware from the operating system, files still remain encrypted; removal only prevents further encryption.

Most ransomware programs block access to data and provide instructions on how to buy a tool or key that can decrypt the encrypted files. The two main and most common variables are the size of the ransom and the cryptographic algorithm (symmetric or asymmetric) that the ransomware uses for encryption. In most cases, it is impossible to crack the encryption, and the only way to decrypt files is by using a tool that only the developers of the particular ransomware have. It is possible to avoid data and monetary loss only when the ransomware is not finished or by restoring files from a backup. In such cases, data backups are extremely useful, which is why it is strongly recommended to always have data backed up and to keep it on a remote server or an unplugged storage device. A couple of examples of other ransomware are Pashka, m461c14n, and WannaScream.
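
The traces described above (the ako-readme.txt note, the key file, and a random extension appended to every encrypted filename) can be used to scope which folders were hit before restoring from backup. The following triage script is an added example, not part of the original article; the key file name is taken to be id.key, and the rule that a suffix shared by two or more files marks the encrypted batch is an assumption, as is the constructed sample tree.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "ako-readme.txt"   # ransom note name given in the article
KEY_NAME = "id.key"            # key file name as read from the article

def scan_for_ako(root):
    """Return {folder: details} for every folder under root showing Ako traces."""
    findings = {}
    for folder, _dirs, names in os.walk(root):
        lower = {n.lower() for n in names}
        has_note, has_key = NOTE_NAME in lower, KEY_NAME in lower
        if not (has_note or has_key):
            continue
        # Assumption: an encrypted file keeps its old extension and gains one
        # more suffix ("6.jpg" -> "6.jpg.2mzWmb"), so it carries two extensions.
        suffixes = Counter()
        for n in names:
            stem, ext = os.path.splitext(n)
            if ext and os.path.splitext(stem)[1]:
                suffixes[ext] += 1
        ext, count = suffixes.most_common(1)[0] if suffixes else (None, 0)
        # Assumption: one suffix shared by two or more files marks the batch.
        appended = ext if count >= 2 else None
        files = sorted(n for n in names if appended and n.endswith(appended))
        findings[folder] = {"note": has_note, "key": has_key,
                            "appended_ext": appended, "files": files}
    return findings

def build_sample(root):
    """Create a constructed sample tree: one affected folder, one clean one."""
    hit = os.path.join(root, "docs")
    clean = os.path.join(root, "clean")
    os.makedirs(hit)
    os.makedirs(clean)
    for name in ("6.jpg.2mzWmb", "report.docx.2mzWmb", NOTE_NAME, KEY_NAME):
        open(os.path.join(hit, name), "w").close()
    for name in ("backup.tar.gz", "notes.txt"):
        open(os.path.join(clean, name), "w").close()
    return hit

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, info in scan_for_ako(tmp).items():
            print(folder, info)
```

The script only reads directory listings, so it can be pointed at a mounted disk image or a file-share snapshot without touching the files themselves.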

How to protect your devices and yourself from ransomware infections?
Any email that is received from a suspicious or unknown source and contains an attachment or a website link must be rejected and should not be trusted. There is a fair chance that such emails and attachments were sent by cybercriminals, who aim to infect the computer with malware or ransomware.

Software should not be downloaded from unofficial pages; it should be downloaded only from official websites and through direct download links. Software must be updated regularly, but only with tools designed by the official developers. Activating paid software with cracking tools is illegal, and such unofficial third-party tools can also be designed to spread malicious software. The operating system should be scanned regularly for threats with reputable antivirus or anti-spyware software. If any threats are detected, they must be eliminated as soon as possible. To automatically eliminate this ransomware, a scan must be run with SpyHunter for Windows.
