Subj : One of the most powerful ransomware hacks around has been cracked
To   : All
From : TechnologyDaily
Date : Mon Mar 17 2025 14:30:08

One of the most powerful ransomware hacks around has been cracked using some 
serious GPU power

Date:
Mon, 17 Mar 2025 14:03:00 +0000

Description:
A researcher was able to crack how Akira encrypts files, and created a 
brute-force tool.

FULL STORY
======================================================================A 
researcher analyzed how Akira operates on Linux and came with a brute-force 
decryption tool It took $1,200 and three weeks to decrypt a system The tool 
is available on GitHub now 

A security researcher has managed to break Akiras ransomware encryptor for 
Linux, with the help of cloud-based compute power. 

Security researcher Yohanes Nugroho was recently asked for help by a friend 
who was struck with Akira. After analyzing the log files, they determined 
that Akira generates encryption keys using timestamps in nanoseconds. 

Nugroho's method is a little costly to retrieve all of the encrypted files, 
but it should still be cheaper than paying the ransom demand. Cloud computing 
to the rescue 

An encryption seed is a starting value used to generate encryption keys that 
lock a victims files. It plays a crucial role in the encryption process, 
often determining how the encryption key is derived. In Akiras case, the 
encryptor dynamically generates unique encryption keys for each file, using 
four timestamp seeds. The keys are then encrypted with RSA-4096 and appended 
at the end of each encrypted file. 

Furthermore, Akira encrypts more files at once through multi-threading. 

However, by looking at the logs, the researcher was able to determine when 
the ransomware ran, and through metadata, he determined the encryption 
completion time. He was then able to create a brute-force tool that can 
discover the key for each individual file. Running the tool on-prem was 
deemed inefficient, since both RTX 3060 and RTC 3090 took too long. 

The researcher then opted for RunPod & Vast.ai cloud GPU services, which 
provided enough computing power at the right price to make the process 
viable. He used 16 RTX 4090 GPUs to brute-force the decryption key in roughly 
10 hours. Depending on the number of locked files, the entire process can 
take less, or more time. 

In total, the project took three weeks, and $1,200, but the system was saved, 
BleepingComputer reports. The decryptor is available on GitHub, and the 
researcher added that the code can probably be optimized to run even better. 
It is worth noting that before running any such experiment, victims should 
first create backups of their files, in case anything goes awry. 

 Via BleepingComputer You might also like There's now a Linux version of this 
dangerous VMware ransomware We've rounded up the best password managers Take 
a look at our guide to the best authenticator app



======================================================================
Link to news story:
https://www.techradar.com/pro/security/one-of-the-most-powerful-ransomware-hac
ks-around-has-been-cracked-using-some-serious-gpu-power


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.