Ako ransomware could be the next threat to your network


Like most modern ransomware, Ako does not remain confined to individual systems and spreads through networks.
The ransomware places a ransom note named “ako-readme.txt” on the desktop.

As disclosed by the Bleeping Computer team, Ako ransomware was seen targeting the entire network rather than just individual workstations.


About Ako


The Ako ransomware was discovered after a victim posted about it on the forum. Bleeping Computer analyzed the malware and discovered that it was a new ransomware.


According to the victim, the ransomware affected a Windows 10 desktop and a Windows SBS 2011 server.
Though the researchers' initial analysis had hinted at some similarities with MedusaLocker, the attackers said in an email that it was their own product.

In the email (to the Bleeping Computer team), the threat actor said “We see news about us. But that is wrong. About MedusaReborn. We have nothing to do with Medusa or anything else. This is our own product – Ako Ransomware, well, this is if you are of course interested.”


How does it work?


Ako works in quite a sophisticated manner.


Upon entering the system, the ransomware first deletes the shadow volume copies and recent backups.
It then disables the Windows recovery environment before beginning the data encryption.
While encrypting the files, it adds a randomly generated extension to the files. It also adds a CECAEFBE file marker to the encrypted files so that the ransomware can identify them.
During encryption, it skips files with .exe, .sys, .dll, .ini, .key, .lnk, and .rdp extensions. It also excludes file paths lacking $, AppData, P ..
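
The indicators described above (the “ako-readme.txt” note, the CECAEFBE file marker and the skipped extensions) can drive a quick triage of a share or disk image. The following is an added example, not code from the article or from Bleeping Computer's analysis; it assumes the marker is stored as the raw bytes CE CA EF BE at an unknown offset, and the function names are hypothetical.

```python
import os
import tempfile

NOTE_NAME = "ako-readme.txt"        # ransom note name given in the article
MARKER = bytes.fromhex("CECAEFBE")  # assumption: marker is stored as these raw bytes
# Extensions the article says are left unencrypted, so they are not scanned.
SKIPPED_EXT = {".exe", ".sys", ".dll", ".ini", ".key", ".lnk", ".rdp"}

def has_marker(path, marker=MARKER, chunk=1 << 20):
    """Stream the file; True if the marker occurs anywhere (offset is an unknown)."""
    tail = b""
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            window = tail + block
            if marker in window:
                return True
            # Keep the last len(marker)-1 bytes so a marker split across reads is found.
            tail = window[-(len(marker) - 1):]
    return False

def triage(root):
    """Return (ransom_note_paths, marked_file_paths) found under root."""
    notes, marked = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                notes.append(path)
            elif os.path.splitext(name)[1].lower() not in SKIPPED_EXT:
                try:
                    if has_marker(path):
                        marked.append(path)
                except OSError:
                    continue  # locked or unreadable file
    return sorted(notes), sorted(marked)

def demo():
    """Run the triage over a constructed sample tree (no real samples involved)."""
    samples = {
        "ako-readme.txt": b"constructed note text",
        "report.docx.Ab12Cd": b"\x00" * 10 + MARKER,  # constructed "encrypted" file
        "clean.txt": b"ordinary content",
        "tool.exe": b"MZ" + MARKER,                    # skipped extension
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        notes, marked = triage(root)
        return [os.path.basename(p) for p in notes], [os.path.basename(p) for p in marked]
```

A four-byte sequence can occur by chance in large binary files, so treat marker hits as candidates for review and weigh them together with the presence of the note and an unfamiliar appended extension.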
