A new decryptor for the Akira ransomware has emerged, developed by security researcher Yohanes Nugroho after a grueling three-week effort. This tool specifically targets the Linux variant of Akira, which has been plaguing organizations worldwide since March 2023.
The development wasn’t cheap either – Nugroho spent a whopping $1,200 on GPU resources alone. That’s the price of digital heroism these days.
The decryptor exploits a critical vulnerability in Akira’s encryption mechanism. Turns out, the ransomware generates encryption keys based on timestamps with nanosecond precision. Sounds secure, right? Wrong. By analyzing log files and narrowing down possible timestamp ranges, Nugroho found a way to brute-force these keys. Clever. Very clever.
Akira’s Achilles’ heel: nanosecond timestamps turned into the perfect cracking opportunity through clever timestamp analysis.
Initial attempts using RTX 3060 and 3090 GPUs proved insufficient for the massive computational task. The final solution? Sixteen RTX 4090 GPUs working in tandem. Talk about bringing a nuclear weapon to a knife fight.
The setup can crack an encryption key in approximately 10 hours, though more complex cases might take days.
The decryption process requires users to provide a pair of files – one encrypted and its original plain-text version. Larger files work better. The tool then performs 1,500 rounds of SHA-256 hashing to generate the correct key.
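The timestamp weakness and the known-plaintext search described above can be shown with a simplified model. This is an added example, not Nugroho's tool and not Akira's actual cipher: the key derivation (1,500 SHA-256 rounds over a nanosecond timestamp), the SHA-256 counter-mode stand-in cipher, and all sample values are assumptions constructed for illustration.

```python
import hashlib

ROUNDS = 1500  # round count quoted in the article

def derive_key(timestamp_ns: int) -> bytes:
    """Assumed model: key = SHA-256 iterated ROUNDS times over the timestamp."""
    digest = timestamp_ns.to_bytes(8, "big")
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def recover_timestamp(plain: bytes, cipher: bytes, start_ns: int, end_ns: int):
    """Search a log-derived window [start_ns, end_ns) for the seed behind the pair."""
    for candidate in range(start_ns, end_ns):
        key = derive_key(candidate)
        # Cheap check on the first block, then confirm against the whole file.
        if keystream_xor(key, plain[:32]) == cipher[:32] and keystream_xor(key, plain) == cipher:
            return candidate
    return None

def demo():
    # Constructed sample data: a timestamp seed and a plaintext/ciphertext pair.
    secret_ts = 1_700_000_000_123_456_789
    plain = b"constructed sample file contents " * 4
    cipher = keystream_xor(derive_key(secret_ts), plain)
    # Logs narrow the search to a 400 ns window instead of a 256-bit key space.
    window_start = secret_ts - 300
    found = recover_timestamp(plain, cipher, window_start, window_start + 400)
    # A window that does not contain the seed yields nothing.
    missed = recover_timestamp(plain, cipher, secret_ts + 1, secret_ts + 101)
    return found, missed

if __name__ == "__main__":
    print(demo())
```

The key is 256 bits long, but its strength is only the number of candidate timestamps in the window; a key drawn from an operating-system CSPRNG has no such seed to search.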
The tool is available for both 64-bit and 32-bit Windows architectures; the 64-bit version is recommended due to memory requirements. Nobody likes a memory crash mid-decryption.
Caution is absolutely necessary. Users should back up their encrypted files before attempting decryption. There’s always a risk of file corruption when messing with encryption. This approach follows the cybersecurity best practice of the 3-2-1 backup rule, recommended by experts for ransomware defense.
The tool isn’t officially tested or guaranteed by BleepingComputer, so proceed at your own risk. Security researchers have shared this tool widely, though approximately 15% of links related to cybersecurity resources become inaccessible over time due to linkrot.
Avast is reportedly working on a Linux version of the decryptor. Meanwhile, Akira operators are probably scrambling to revise their encryption methods. This cat-and-mouse game never ends.
For victims, however, this tool offers a glimmer of hope against digital extortion. Unlike similar infections that often require behavioral detection techniques, Akira’s encryption flaw provides a rare opportunity for recovery without paying the ransom.