Free GPU-Based Decryptor for Linux Akira Ransomware Released
Security researcher Yohanes Nugroho has released a free decryptor for the Linux variant of Akira ransomware. Rather than relying on a leaked or recovered key, the tool uses GPUs to brute-force the per-file encryption keys, which Akira derives from timestamps, so victims of this variant can recover their files without paying.
Background and Development
Nugroho began work on the decryptor after helping a company recover its data from an Akira infection without paying the ransom. That engagement led him to look for a general decryption technique for this variant of the malware.
He initially estimated the project would take a week; it took three. The cloud GPU time alone cost about $1,200, more than planned because of complexities that only surfaced during the work.
How it Works
The decryptor differs from conventional ones, which typically rely on a flaw in the cipher or on a key that has been leaked or seized. It has no key to start from. Instead it exploits the fact that Akira seeds its key generation with timestamps, which makes the search space small enough to brute-force once the encryption time has been narrowed down, and GPUs can test very large numbers of candidate seeds in parallel.
To narrow that window, Nugroho analyzed log files and file metadata to estimate when each file was encrypted, and ran hardware benchmarks to tighten the estimate of the encryption timestamps. The decryptor then exploits the malware's reliance on four moments in time, each with nanosecond resolution, to recover the keys without a ransom payment. A practical consequence for victims is that those artifacts, logs and file timestamps in particular, must be preserved, because the feasibility of the search depends on how tightly the encryption time can be bounded.
Technical Details
Akira derives a unique encryption key for each file from four nanosecond-precision timestamps, which it uses as seeds for its generate_random function. The per-file key is then encrypted with RSA-4096 and appended to the file, so it cannot be read back without the attackers' private key.
Nanosecond resolution and the malware's multi-threaded execution make the search harder, because the timestamps are finely spaced and the gaps between them vary. But since each key is derived deterministically from those seeds, anyone who can narrow the timestamps down to a bounded window can regenerate the key by trying every candidate. Nugroho's method exploits exactly this weakness.
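The search structure that makes this attack work, as an added example that is not Nugroho's code and not Akira's actual generate_random: the key derivation (SHA-256 over two timestamps), the counter-mode stream cipher, the VMDK header used as known plaintext, the secret timestamps and the throughput figure are all constructed stand-ins. The real malware uses four timestamps and its own cipher, and the real tool runs on CUDA. What the toy shares with the scheme described above is the property that matters: the per-file key is a deterministic function of timestamps, so the key space collapses to the window the defender can establish from logs and metadata, times the benchmark-bounded gap between the timestamps.

```python
import hashlib
import struct
from typing import Optional, Tuple

NS_PER_S = 1_000_000_000

# Constructed known plaintext: a VMDK sparse extent begins with the magic
# "KDMV" followed by a 32-bit version field. A fixed header like this is
# what a known-plaintext check tests each candidate key against.
KNOWN_PREFIX = b"KDMV" + struct.pack("<I", 1)


def toy_key_from_seeds(t1_ns: int, t2_ns: int) -> bytes:
    """Hypothetical stand-in for a timestamp-seeded key generator.
    Akira uses four timestamps; two are enough to show the search shape."""
    return hashlib.sha256(b"toy-kdf" + struct.pack("<QQ", t1_ns, t2_ns)).digest()


def toy_crypt(key: bytes, data: bytes) -> bytes:
    """Hypothetical stand-in stream cipher: SHA-256 in counter mode XORed
    onto the data. Encryption and decryption are the same operation."""
    keystream = bytearray()
    block = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key + struct.pack("<Q", block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def brute_force_seeds(ciphertext: bytes, known_prefix: bytes,
                      t1_start_ns: int, t1_end_ns: int,
                      min_delta_ns: int, max_delta_ns: int) -> Optional[Tuple[int, int]]:
    """Search t1 over the window established from logs/metadata and t2 over
    the benchmark-bounded gap after t1. Returns the first (t1, t2) whose key
    turns the encrypted file header back into the known plaintext."""
    head = ciphertext[:len(known_prefix)]
    for t1 in range(t1_start_ns, t1_end_ns):
        for delta in range(min_delta_ns, max_delta_ns + 1):
            t2 = t1 + delta
            if toy_crypt(toy_key_from_seeds(t1, t2), head) == known_prefix:
                return t1, t2
    return None


def candidate_count(window_s: float, min_delta_ns: int, max_delta_ns: int) -> int:
    """Size of the key space the search above has to cover."""
    return int(window_s * NS_PER_S) * (max_delta_ns - min_delta_ns + 1)


def estimated_hours(window_s: float, min_delta_ns: int, max_delta_ns: int,
                    tries_per_second: float) -> float:
    """Wall-clock time for the search at a given aggregate throughput."""
    return candidate_count(window_s, min_delta_ns, max_delta_ns) / tries_per_second / 3600


if __name__ == "__main__":
    # Constructed demo: "encrypt" a file at a secret pair of timestamps, then
    # recover them knowing only a 1 microsecond window and a 0..100 ns gap.
    secret_t1 = 1_700_000_000_123_456_789
    secret_t2 = secret_t1 + 37
    plaintext = KNOWN_PREFIX + b"constructed VMDK body " * 4
    encrypted = toy_crypt(toy_key_from_seeds(secret_t1, secret_t2), plaintext)

    found = brute_force_seeds(encrypted, KNOWN_PREFIX,
                              secret_t1 - 500, secret_t1 + 500, 0, 100)
    print("recovered seeds:", found)
    if found:
        print("decrypts:", toy_crypt(toy_key_from_seeds(*found), encrypted) == plaintext)
    # A one-second window with a 1000 ns gap range is 1e12 candidates; at a
    # constructed 1e9 tries/s that is about 0.28 hours.
    print("hours at 1e9 tries/s:", estimated_hours(1.0, 0, 999, 1e9))
```

The point of candidate_count is the one the article makes implicitly: every extra second of uncertainty about the encryption time multiplies the work by a billion, and every extra nanosecond of slack in the gap between timestamps multiplies it again, which is why log analysis and hardware benchmarks matter as much as GPU throughput.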
Performance and Optimization
Nugroho found that local GPUs were too slow to brute-force the keys in a reasonable time. He therefore rented sixteen RTX 4090s from cloud GPU providers, which brought the search down to roughly 10 hours.
Recovery time scales with the number of encrypted files, and Nugroho notes that further optimization of the search should improve performance. He chose the RTX 4090 for its high CUDA core count and its cost per unit of throughput.
Availability and Future Work
The full source code of the decryptor has been published on GitHub, so anyone interested can contribute to its development.
Nugroho plans to keep improving the tool. As it stands, it gives victims of this Akira variant a way to recover files by exploiting the malware's key-generation weakness with GPU brute force, at a cost in rented GPU time rather than a ransom.
Conclusion
Nugroho's free GPU-based decryptor for Linux Akira ransomware is a notable addition to the set of free recovery tools. It gives organizations hit by this variant a way to recover files without paying, at the cost of the compute time needed for the search. Its underlying lesson applies beyond Akira: key material derived from predictable inputs such as timestamps can be recovered by brute force regardless of the strength of the cipher that uses it, and as ransomware continues to evolve, analysis of such implementation flaws will remain one of the few routes to decryption without the attackers' cooperation.