When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
A security researcher has managed to break Akirasransomwareencryptor for Linux, with the help of cloud-based compute power.
Security researcher Yohanes Nugroho was recently asked for help by a friend who was struck with Akira.
After analyzing the log files, they determined that Akira generates encryption keys using timestamps in nanoseconds.
It plays a crucial role in the encryption process, often determining how the encryption key is derived.
In Akiras case, the encryptor dynamically generates unique encryption keys for each file, using four timestamp seeds.
The keys are then encrypted with RSA-4096 and appended at the end of each encrypted file.
Furthermore, Akira encrypts more files at once through multi-threading.
He was then able to create a brute-force tool that can discover the key for each individual file.
Running the tool on-prem was deemed inefficient, since both RTX 3060 and RTC 3090 took too long.
He used 16 RTX 4090 GPUs to brute-force the decryption key in roughly 10 hours.
Depending on the number of locked files, the entire process can take less, or more time.
