Listen to this Post
A Breakthrough in Ransomware Decryption
In a major cybersecurity breakthrough, security researcher Yohanes Nugroho has developed a decryptor for the Linux variant of Akira ransomware. Unlike traditional decryption tools that rely on pre-obtained keys, Nugroho’s tool leverages GPU power to brute-force decryption keys, effectively unlocking encrypted files without paying a ransom.
His work began as a personal request from a friend, but it quickly turned into a three-week-long project, costing him around $1,200 in GPU resources. Despite the challenges, Nugroho successfully cracked the ransomware’s encryption, proving that Akira’s key generation process is vulnerable to exploitation.
How the Akira Ransomware Decryptor Works
Brute-Forcing Encryption Keys with GPUs
Nugroho’s tool does not require a pre-existing decryption key. Instead, it takes advantage of how Akira ransomware generates its encryption keys using timestamps as a seed. By using GPUs to systematically test possible keys, the tool is able to recover the correct decryption key.
Akira ransomware encrypts each file with a unique key derived from a timestamp recorded in nanoseconds. These timestamps undergo 1,500 rounds of SHA-256 hashing before being encrypted with RSA-4096, making brute force attacks extremely difficult.
Challenges in Cracking the Encryption
- Timestamp Complexity: Akira’s key generation process creates billions of possible values per second, making brute force attacks computationally expensive.
- Multi-Threading Issue: The ransomware encrypts multiple files simultaneously, making it difficult to pinpoint the exact timestamp used.
- Hardware Limitations: Early attempts with an RTX 3060 GPU were too slow, achieving only 60 million encryption tests per second. Even an RTX 3090 proved insufficient.
Scaling Up with Cloud GPU Services
To overcome hardware limitations, Nugroho used cloud-based GPU services such as RunPod and Vast.ai. By deploying sixteen RTX 4090 GPUs, he successfully brute-forced the decryption key within 10 hours. However, depending on the volume of encrypted files, the process could take days.
Decryptor Now Available on GitHub
Nugroho has made the decryption tool publicly available on GitHub, complete with instructions on how to recover Akira-encrypted files. However, users are advised to back up their encrypted files before attempting decryption to avoid potential corruption.
What Undercode Say:
The Technical Vulnerability of Akira Ransomware
Akira’s reliance on timestamps for encryption key generation exposes a significant weakness. While timestamps provide high entropy, they are not entirely random. This predictability allows for brute force attacks using high-performance GPUs, as demonstrated by Nugroho.
The Cost of Cracking Encryption
While Nugroho’s method is effective, it comes at a high computational cost. Using sixteen RTX 4090 GPUs is not a feasible option for most individuals. This raises concerns about the accessibility of ransomware decryption for the average victim. However, security firms and government agencies could leverage similar methods to assist ransomware victims.
Future Implications for Ransomware Developers
Now that Akira’s encryption method has been compromised, ransomware developers may shift towards more sophisticated key generation techniques. Future variants could implement stronger randomness mechanisms or obfuscate timestamps to prevent similar decryption techniques.
The Role of Cloud Computing in Cybersecurity
Nugroho’s success highlights the growing role of cloud computing in cybersecurity. Cloud GPU services like RunPod and Vast.ai enable researchers to harness massive computational power at a fraction of the cost of owning high-end hardware. This accessibility could be a game-changer in countering cyber threats.
Ethical and Security Concerns
- Could This Tool Be Misused? While the decryptor is intended to help ransomware victims, there is always a risk that cybercriminals might repurpose the method to refine their attacks.
- Trust and Safety: Since BleepingComputer has not independently verified the tool, users should proceed with caution and test decryption on non-critical files first.
Lessons for Cybersecurity Experts
- Ransomware defense must evolve. As attackers refine their encryption methods, defenders must continuously find and exploit weaknesses.
- Time-based encryption schemes are vulnerable. Cryptographic implementations relying on timestamps must ensure unpredictability to prevent similar attacks.
- Public collaboration can drive breakthroughs. Nugroho’s decryptor demonstrates how independent researchers can contribute to global cybersecurity efforts.
Fact Checker Results
- Encryption Key Weakness: Akira’s reliance on timestamps has been verified as a vulnerability, making brute force attacks feasible with enough computing power.
- GPU Acceleration Works: Real-world testing confirms that high-performance GPUs can be used effectively to break Akira’s encryption.
- Decryptor Availability: The decryptor is publicly accessible on GitHub, but its effectiveness and safety have not been independently verified by cybersecurity firms.
References:
Reported By: https://www.bleepingcomputer.com/news/security/gpu-powered-akira-ransomware-decryptor-released-on-github/
Extra Source Hub:
https://www.discord.com
Wikipedia
Undercode AI
Image Source:
Pexels
Undercode AI DI v2





