- A researcher analyzed how Akira operates on Linux and built a brute-force decryption tool
- It took $1,200 and three weeks to decrypt one system
- The tool is now available on GitHub
A security researcher has managed to break the Akira ransomware's Linux encryption with the help of cloud-based computing power.
Security researcher Yohanes Nugroho was recently asked for help by a friend who had been hit by Akira. After analyzing the log files, they determined that Akira generates encryption keys using timestamps with nanosecond precision.
Nugroho's method is somewhat expensive as a way to recover all encrypted files, but it should still be cheaper than paying the ransom demand.
Cloud computing to the rescue
An encryption seed is an initial value used to generate the encryption keys that lock a victim's files. It plays a crucial role in the encryption process, often determining how the encryption key is derived. In Akira's case, the encryptor dynamically generates a unique encryption key for each file, using four timestamp seeds. The keys are encrypted with RSA-4096 and appended to the end of each encrypted file.
In addition, Akira encrypts multiple files at the same time through multiple subprocesses.
However, by examining the logs, the researcher was able to determine when the ransomware ran, and from file metadata he determined when encryption completed. He was then able to build a brute-force tool that can discover the key for each individual file. Running the tool on local hardware was considered inefficient, since both an RTX 3060 and an RTX 3090 took too long.
The researcher then opted for the RunPod and Vast GPU services, which provided sufficient computing power at the right price to make the process viable. He used 16 RTX 4090 GPUs to brute-force the decryption key in roughly 10 hours. Depending on the number of locked files, the whole process can take more or less time.
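As an added illustration (not Nugroho's tool and not Akira's actual key schedule), the toy model below shows why a nanosecond timestamp makes a weak seed: the search space is bounded by the run window recovered from logs and file metadata, and each candidate can be checked against a known plaintext header. The KDF, the XOR "cipher", the window and the sample file are constructed assumptions.

```python
import hashlib

# Constructed toy model, NOT Akira's real key schedule: each file gets a key
# derived from a nanosecond timestamp seed, and "encryption" is a keystream XOR.
# The only property that matters here is that a clock-derived seed is bounded
# by the window in which the encryptor was running.

def derive_key(seed_ns: int, length: int) -> bytes:
    """Stand-in KDF: expand the timestamp seed into a keystream with SHA-256."""
    out = b""
    counter = 0
    while len(out) < length:
        block = seed_ns.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_file(plaintext: bytes, seed_ns: int) -> bytes:
    return xor_bytes(plaintext, derive_key(seed_ns, len(plaintext)))

def recover_seed(ciphertext: bytes, known_prefix: bytes,
                 window_start_ns: int, window_end_ns: int):
    """Brute-force every nanosecond in [window_start_ns, window_end_ns).
    The window is what logs (start time) and file metadata (completion time)
    give a defender; the known prefix is a plaintext file header such as a
    magic number. Returns the seed, or None if it lies outside the window."""
    n = len(known_prefix)
    target = xor_bytes(ciphertext[:n], known_prefix)  # keystream that must match
    for candidate in range(window_start_ns, window_end_ns):
        if derive_key(candidate, n) == target:
            return candidate
    return None

# Constructed sample: a PDF header encrypted with a seed inside a 100,000 ns window.
WINDOW_START_NS = 1_700_000_000_000_000_000
WINDOW_END_NS = WINDOW_START_NS + 100_000
SAMPLE_SEED_NS = WINDOW_START_NS + 37_421
SAMPLE_PLAINTEXT = b"%PDF-1.7\n%constructed sample document\n"
SAMPLE_CIPHERTEXT = encrypt_file(SAMPLE_PLAINTEXT, SAMPLE_SEED_NS)

def recover_sample() -> bytes:
    """Recover the seed from the known header, then decrypt the whole file."""
    seed = recover_seed(SAMPLE_CIPHERTEXT, b"%PDF-1.7", WINDOW_START_NS, WINDOW_END_NS)
    return xor_bytes(SAMPLE_CIPHERTEXT, derive_key(seed, len(SAMPLE_CIPHERTEXT)))

if __name__ == "__main__":
    print(recover_sample())
```

A real window of one second is 10^9 candidates per seed, which is why a search like this moves from a CPU loop to GPUs.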
In total, the project took three weeks and $1,200, but the system was recovered, BleepingComputer reports. The decryptor is available on GitHub, and the researcher added that the code can probably be optimized to work even better. It is worth noting that before running such an experiment, victims must first back up their files, in case something goes wrong.
Via BleepingComputer