Cybersecurity researcher Yohanes Nugroho has developed a free decryptor for the Linux variant of Akira ransomware.
The tool allows victims to unlock their encrypted files without paying a ransom. It leverages GPU power to brute-force encryption keys and recover data.
Nugroho began working on the decryptor after a friend sought his help. Initially, he believed he could break the encryption within a week, as Akira ransomware generates keys based on timestamps. However, unforeseen challenges extended the project to three weeks, during which he spent $1,200 on GPU resources before finally succeeding.
Unlike traditional decryption tools that require a key, this decryptor brute-forces the encryption keys, which are unique to each file. Akira ransomware generates these keys using timestamps with nanosecond precision, making them difficult to crack.
The ransomware encrypts multiple files simultaneously using multi-threading, which complicates determining the exact timestamps used. To overcome this, Nugroho analyzed log files and file metadata to estimate encryption times, creating benchmarks to predict key generation patterns.
Initial attempts using an RTX 3060 GPU proved too slow, testing only 60 million keys per second. Even an RTX 3090 offered only a slight improvement. Nugroho turned to cloud-based GPU services like RunPod and Vast.ai to speed up the process. By utilizing sixteen RTX 4090 GPUs, he successfully brute-forced the decryption key in about 10 hours. However, the process can take several days, depending on the number of encrypted files.
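The search described above, as an added example that is neither Nugroho's tool nor Akira's real algorithm: a toy cipher keyed from a single nanosecond timestamp is recovered by walking backwards from the file's modification time and checking a known file header. The SHA-256 derivation, XOR keystream, function names and sample values are all assumptions constructed for illustration.

```python
import hashlib
import struct

def toy_key(ts_ns: int) -> bytes:
    # Assumption: key = SHA-256(nanosecond timestamp). Stand-in, not Akira's derivation.
    return hashlib.sha256(struct.pack("<Q", ts_ns)).digest()

def toy_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher: XOR data with SHA-256(key || block index) blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("<Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def recover_timestamp(cipher, known_head, mtime_ns, window_ns):
    # The seed was taken before the last write, so walk backwards from mtime
    # and accept the first candidate whose decrypted header matches.
    head = cipher[:len(known_head)]
    for ts in range(mtime_ns, mtime_ns - window_ns, -1):
        if toy_xor(toy_key(ts), head) == known_head:
            return ts
    return None

def search_seconds(window_ns: int, keys_per_second: float) -> float:
    # Worst-case time to try every nanosecond in the window at a given rate.
    return window_ns / keys_per_second

# Constructed sample data (not taken from any real incident).
SEED_NS = 1_741_000_000_123_456_789
MTIME_NS = SEED_NS + 31_337
PLAIN = b"%PDF-1.7\nconstructed sample document body for the demo"
CIPHER = toy_xor(toy_key(SEED_NS), PLAIN)

def demo():
    ts = recover_timestamp(CIPHER, b"%PDF-1.", MTIME_NS, 50_000)
    return ts, toy_xor(toy_key(ts), CIPHER)

if __name__ == "__main__":
    ts, plain = demo()
    print("recovered seed:", ts, "plaintext head:", plain[:8])
    # One second of uncertainty is 10**9 candidates; 60 million keys/s is the
    # RTX 3060 rate quoted in the article.
    print("1 s window at 60M keys/s:", round(search_seconds(10**9, 60e6), 1), "s")
```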
Nugroho has released the decryptor on GitHub and provided instructions on how to use it. He advises users to back up their encrypted files before attempting decryption, as incorrect key usage could lead to data corruption. While this tool offers hope for ransomware victims, cybersecurity experts may further refine it for better performance.
Users should proceed cautiously, as independent verification of its effectiveness and safety is still pending.
Bijay Pokharel