The Akira Ransomware is meant to be a file-encryption Trojan, which works just like the majority of the file lockers researchers analyze nowadays. The threat infiltrates a computer and uses a complex encryption routine to lock the contents of all files that use a certain file extension or match some certain criteria. The good news is that the Akira Ransomware is far from finished, and it looks like this project might end up never being complete definitely. The sample of the Akira Ransomware has first been uploaded to an online virus scanning service just a few days ago, and the tests show that this file-locker is quite limited regarding functionality.
While it does boast a working file-encryption module, it is important to stress on the fact that the Akira Ransomware only encrypts a small list of files stored in the ‘My Videos’ folder. This configuration is quite weird, and it is likely that the author has decided to do that to be able to test out the file locker in a fairly controlled environment. Apart from encrypting files, the Akira Ransomware does not seem to perform any other operations on the victim’s computer. It will not disable important Windows services and utilities, nor will it wipe the Shadow Volume Copies to prevent the victim from taking advantage of 3rd-party file recovery techniques. In addition to all this, the Akira Ransomware does not rename the locked files, a thing that ransomware threats tend to do rather often. Last but not least, a ransom note is nowhere to be found so that it is impossible to tell who the authors are, and how much money are they going to charge for decryption.
While the Akira Ransomware is unlikely to cause any trouble in its current state, you should not forget that ransomware authors have been very active for the past year, and there are countless file-encryption Trojans being spread via all sorts of methods. We advise our readers to protect their files and privacy by using a credible anti-malware solution that offers good protection modules.