perm_phone_msgConsider your business risks? Chat With US

One More Threat For Organizations

Ransomware BCyber todayJanuary 13, 2020 39

share close

After Sodinokibi, DeathRansom, Clop, and SNAKE, now comes the Ako ransomware. Like most others, this malware also targets businesses and aims to spread over entire networks instead of individual systems.

About Ako Ransomware

Bleeping Computer have shared their analysis of new ransomware in town. This time, it is the Ako ransomware that poses a threat to organizations.

The ransomware caught their attention after a victim posted about it on their forum. The victim revealed that the ransomware affected the Windows 10 desktop and Windows SBS 2011 server.

Together with Vitali Kremez of SentinelLab, Bleeping Computer analyzed the malware and discovered it as a new ransomware. While the initial analysis hinted some similarities with MedusaLocker, the Ako operators have confirmed it to be their ‘own product’. According to their email to Bleeping Computer,

We see news about us. But that is wrong. About MedusaReborn. We have nothing to do with Medusa or anything else. This is our own product – Ako Ransomware, well, this is if you are of course interested.

In brief, Ako works in quite a sophisticated manner, by first deleting the shadow volume copies and recent backups after infection. Moreover, it also disables the Windows recovery environment before beginning the data encryption.

Then, during the encryption process, it skips files with .exe, .sys, .dll, .ini, .key, .lnk, and .rdp extensions. Moreover, it also excludes the files paths lacking $,AppData, Program Files, Program Files (x86), AppData, boot, PerfLogs, ProgramData, Google, Intel, Microsoft, Application Data, Tor Browser, Windows strings.

While encrypting the files, it adds a randomly generated extension to the files, it also adds a CECAEFBE file marker to the encrypted files so that the ransomware can identify them. It then checks other machines on the network to complete the encryption process. And, in the end, it places the ransom note entitled “ako-readme.txt” on the desktop.

A Serious Threat To Businesses

They told Bleeping Computer, before encrypting the data, they also steal it as part of their ‘job’.

Moreover, Ako, like most modern ransomware, also does not remain confined to individual systems. Rather the attack aims at infecting the entire network, thus, compelling the victim firms to pay the ransom.

For now, it isn’t clear how the attackers behind this ransomware distribute it. Yet, Lawrence Abrams deems it ‘likely’ that the malware exploits Remote Desktop services for spreading the infection.

Let us know your thoughts in the comments.

The following two tabs change content below.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]


Latest posts by Abeerah Hashim (see all)


This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Ransomware BCyber / October 19, 2020

Ad-light, Malware-heavy # Chris Dzombak

Ad-light, Malware-heavy Since December 17, Forbes has been running an experiment wherein some fraction of visitors who are running ad blockers are blocked from accessing Forbes articles until they disable their ad blocker. In exchange, Forbes promises an “ad-light experience”: A Forbes article published yesterday claims that this interstitial resulted in 42.4% of visitors turning ...

Read more trending_flat