One More Threat For Organizations – The Ako Ransomware

  • 1
  • 1

After Sodinokibi, DeathRansom, Clop, and SNAKE, now comes the Ako ransomware. Like most others, this malware also targets businesses and aims to spread over entire networks instead of individual systems.

About Ako Ransomware

Bleeping Computer have shared their analysis of new ransomware in town. This time, it is the Ako ransomware that poses a threat to organizations.

The ransomware caught their attention after a victim posted about it on their forum. The victim revealed that the ransomware affected the Windows 10 desktop and Windows SBS 2011 server.

Together with Vitali Kremez of SentinelLab, Bleeping Computer analyzed the malware and discovered it as a new ransomware. While the initial analysis hinted some similarities with MedusaLocker, the Ako operators have confirmed it to be their ‘own product’. According to their email to Bleeping Computer,

We see news about us. But that is wrong. About MedusaReborn. We have nothing to do with Medusa or anything else. This is our own product – Ako Ransomware, well, this is if you are of course interested.

In brief, Ako works in quite a sophisticated manner, by first deleting the shadow volume copies and recent backups after infection. Moreover, it also disables the Windows recovery environment before beginning the data encryption.

Then, during the encryption process, it skips files with .exe, .sys, .dll, .ini, .key, .lnk, and .rdp extensions. Moreover, it also excludes the files paths lacking $,AppData, Program Files, Program Files (x86), AppData, boot, PerfLogs, ProgramData, Google, Intel, Microsoft, Application Data, Tor Browser, Windows strings.

While encrypting the files, it adds a randomly generated extension to the files, it also adds a CECAEFBE file marker to the encrypted files so that the ransomware can identify them. It then checks other machines on the network to complete the encryption process. And, in the end, it places the ransom note entitled “ako-readme.txt” on the desktop.

A Serious Threat To Businesses

They told Bleeping Computer, before encrypting the data, they also steal it as part of their ‘job’.

Moreover, Ako, like most modern ransomware, also does not remain confined to individual systems. Rather the attack aims at infecting the entire network, thus, compelling the victim firms to pay the ransom.

For now, it isn’t clear how the attackers behind this ransomware distribute it. Yet, Lawrence Abrams deems it ‘likely’ that the malware exploits Remote Desktop services for spreading the infection.

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!