- A researcher analyzed how Akira works on Linux and built a brute-force decryption tool
- It took $1,200 and three weeks to decrypt one system
- The tool is now available on GitHub
A security researcher managed to break the Akira ransomware encryptor for Linux using cloud-based computing power.
Security researcher Yohanes Nugroho was recently asked for help by a friend who had been hit by Akira. After analyzing the log files, they determined that Akira generates its encryption keys from timestamps with nanosecond resolution.
Nugroho's method is somewhat expensive when all encrypted files have to be recovered, but it should still be cheaper than paying the ransom demand.
Cloud computing to the rescue
An encryption seed is a starting value used to generate the encryption keys that lock a victim's files. It plays a crucial role in the encryption process, since it usually determines how the encryption key is derived. In Akira's case, the encryptor dynamically generates a unique encryption key for each file from four timestamp-based seeds. The keys are then encrypted with RSA-4096 and appended to the end of each encrypted file.
In addition, Akira encrypts multiple files simultaneously via multi-threading.
However, by examining the logs, the researcher was able to determine when the ransomware ran, and from file metadata he determined when the encryption completed. He was then able to build a brute-force tool that can recover the key for each individual file. Running the tool on-site proved impractical, because an RTX 3060 and an RTX 3090 took too long.
The researcher then opted for the RunPod and Vast.ai cloud GPU services, which provided enough computing power at the right price to make the process viable. He used 16 RTX 4090 GPUs to brute-force the decryption keys in about 10 hours. Depending on the number of locked files, the whole process can take less or more time.
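The following is an added illustration, not the researcher's decryptor and not Akira's actual key derivation: a toy Python model of why a nanosecond timestamp is a weak key seed. The file format (a fixed `MAGIC` header), the key derivation (SHA-256 of the timestamp), the stream cipher (HMAC-SHA256 in counter mode) and the log line format are all constructed assumptions. The point it shows is the one the article makes: once logs or metadata pin the seed to a time window, the search space is only 1,000,000,000 candidates per second of uncertainty, which is why the real job was a GPU problem rather than an impossible one, and why a key should come from a CSPRNG rather than a clock.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed plaintext header: in this toy format every file starts with this
# marker, which gives the recovery routine a way to recognise a correct key.
MAGIC = b"TOYFILE\x00"

NS_PER_SEC = 1_000_000_000

# Constructed log lines standing in for the "encryptor started / finished"
# evidence the article says was recovered from the logs (format is assumed).
LOG_LINES = [
    "2024-03-01T10:00:00.000000000Z encryptor started",
    "2024-03-01T10:00:00.000100000Z encryptor finished",
]


def parse_ts_ns(ts: str) -> int:
    """Parse an ISO-8601 UTC timestamp with a 9-digit fraction into epoch nanoseconds."""
    base, frac = ts.rstrip("Z").split(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) * NS_PER_SEC + int(frac.ljust(9, "0"))


def window_from_logs(lines):
    """Return (start_ns, end_ns): the interval in which every seed must have been drawn."""
    stamps = [parse_ts_ns(line.split(" ", 1)[0]) for line in lines]
    return min(stamps), max(stamps)


def derive_key(seed_ns: int) -> bytes:
    # Toy key derivation: the only secret input is a nanosecond timestamp.
    # A sound design would use os.urandom(32) here, leaving no window to search.
    return hashlib.sha256(seed_ns.to_bytes(8, "little")).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stream cipher)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, ctr.to_bytes(8, "little"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt(plaintext: bytes, seed_ns: int) -> bytes:
    """Encrypt MAGIC + plaintext under the key derived from a timestamp seed."""
    data = MAGIC + plaintext
    return xor_bytes(data, keystream(derive_key(seed_ns), len(data)))


def toy_decrypt(ciphertext: bytes, seed_ns: int) -> bytes:
    """Decrypt and strip the header; raises if the seed does not reproduce MAGIC."""
    data = xor_bytes(ciphertext, keystream(derive_key(seed_ns), len(ciphertext)))
    if not data.startswith(MAGIC):
        raise ValueError("wrong seed")
    return data[len(MAGIC):]


def recover_seed(ciphertext: bytes, start_ns: int, end_ns: int):
    """Try every nanosecond in [start_ns, end_ns]; return the seed whose key
    turns the ciphertext header back into MAGIC, or None if none does.
    Only the first len(MAGIC) bytes are decrypted per candidate, so each
    attempt costs one SHA-256 and one HMAC."""
    head = ciphertext[:len(MAGIC)]
    for seed in range(start_ns, end_ns + 1):
        if xor_bytes(head, keystream(derive_key(seed), len(MAGIC))) == MAGIC:
            return seed
    return None


if __name__ == "__main__":
    start, end = window_from_logs(LOG_LINES)
    real_seed = start + 42_000          # constructed: the encryptor's actual draw
    ct = toy_encrypt(b"payroll.csv contents", real_seed)
    found = recover_seed(ct, start, end)
    print("window size (ns):", end - start)
    print("recovered seed:", found, "matches:", found == real_seed)
    print("plaintext:", toy_decrypt(ct, found))
```

The toy window is only 100 microseconds so that the search finishes instantly in pure Python; widen it to a few seconds and the candidate count climbs into the billions, which is the scale at which the article's 16-GPU, 10-hour run becomes the realistic option. The lesson for anyone designing an encryption scheme is in `derive_key`: a key's entropy is bounded by how unpredictable its seed is, and a clock is predictable to anyone who can read the logs.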
In total, the project took three weeks and $1,200, but the system was recovered, BleepingComputer reports. The decryptor is available on GitHub, and the researcher added that the code can probably be optimized to work even better. It should be noted that before attempting such an exercise, victims should first back up their files, in case something goes wrong.
Via BleepingComputer