Akira, a new ransomware operation, is targeting Windows-based corporate networks worldwide. It has gone after businesses in the manufacturing, financial, consulting, real estate, and education sectors and demands million-dollar ransoms.
Once launched, Akira runs a PowerShell command to delete any Windows Shadow Volume Copies present on the system. It then encrypts the files in the hard drive folders, with the exception of the ProgramData, Recycle Bin, Boot, System Volume Information, and Windows directories. It also leaves Windows system files untouched, such as those with the .sys, .msi, .dll, .lnk, and .exe extensions.
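
The shadow-copy removal step is visible in process-creation telemetry. The following added example (not from the original article) flags PowerShell events that remove shadow copies, including when the command is passed base64-encoded. The article does not quote the exact command, so the matched patterns, the event fields and the sample events are assumptions constructed for illustration.

```python
import base64
import re

# Assumption: the page does not quote the command, so match its general shape:
# a PowerShell process referencing Win32_ShadowCopy together with a removal verb.
POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
SHADOW = re.compile(r"win32_shadowcopy", re.I)
REMOVE = re.compile(r"remove-wmiobject|remove-ciminstance|\.delete\(\)", re.I)
ENCODED = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def expand_encoded(cmdline):
    """Append the decoded -EncodedCommand body (base64 of UTF-16LE), if present."""
    m = ENCODED.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers malformed base64 and bad UTF-16 alike
        return cmdline
    return cmdline + " " + decoded


def flag_shadow_copy_deletion(events):
    """Return the events whose PowerShell command line removes shadow copies."""
    hits = []
    for ev in events:
        cmd = expand_encoded(ev["cmdline"])
        if POWERSHELL.search(ev["image"]) and SHADOW.search(cmd) and REMOVE.search(cmd):
            hits.append(ev)
    return hits


# Constructed sample events (field names are hypothetical, loosely Sysmon Event ID 1).
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
ENC_BODY = base64.b64encode("Get-CimInstance Win32_ShadowCopy | Remove-CimInstance".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": PS,
     "cmdline": 'powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"'},
    {"host": "ws-02", "image": PS,
     "cmdline": "powershell.exe -enc " + ENC_BODY},
    {"host": "ws-03", "image": PS,  # inventory only, no removal verb: not flagged
     "cmdline": "powershell.exe -Command Get-WmiObject Win32_ShadowCopy"},
    {"host": "ws-04", "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    for ev in flag_shadow_copy_deletion(SAMPLE_EVENTS):
        print("ALERT", ev["host"], ev["cmdline"])
```

Matching on the decoded body matters because an encoded command line contains none of the plain-text keywords a simple string rule would look for.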