
Cybersecurity researcher Yohanes Nugroho has created a decryption tool capable of restoring files encrypted by the Linux variant of the Akira ransomware. The tool uses graphics processing units (GPUs) to brute-force encryption keys, enabling victims to recover their data free of charge.
Nugroho began developing the decryptor after a friend asked for help. He initially estimated that the task would take a week, given Akira’s reliance on timestamp-based key generation, but the problem proved significantly more complex and ultimately required three weeks of work. In total, Nugroho spent approximately $1,200 on GPU rentals before successfully cracking the encryption.
Unlike conventional decryptors, which require the key to be entered manually, Nugroho’s program finds it by brute force. Akira generates a distinct encryption key for each file by capturing the precise nanosecond timestamp at the moment of encryption. This timestamp is then hashed through 1,500 iterative rounds of SHA-256 to yield the final encryption key.
Due to Akira’s employment of four distinct, high-precision timestamps, the potential number of key combinations becomes astronomically large, making brute-force attacks an extraordinarily challenging endeavor. Moreover, Akira’s encryption process utilizes multi-threading, further complicating efforts to pinpoint the exact encryption time for individual files.
To narrow the search range, Nugroho analyzed system logs provided by his friend. By examining file metadata and correlating timestamps, he built profiles that predict when each file was encrypted. Initial attempts using an RTX 3060 GPU proved insufficient, delivering only 60 million key attempts per second. A subsequent upgrade to an RTX 3090 GPU yielded negligible improvement.
The challenge was ultimately overcome through the cloud computing platforms RunPod and Vast.ai, which supplied the necessary computational resources. By harnessing the combined power of sixteen RTX 4090 GPUs, Nugroho was able to crack the encryption key within approximately 10 hours. However, for extensive file collections, the process may extend over several days.
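The timestamp-to-key derivation and the log-narrowed search described above can be sketched as follows. This is an added example, not Nugroho's code: it models a single timestamp, and the 8-byte little-endian seed encoding, the XOR `toy_cipher` stand-in for the real cipher, and all sample values are assumptions made for illustration.

```python
import hashlib
import struct

ROUNDS = 1500  # SHA-256 iterations, as stated in the article

def derive_key(ts_ns: int) -> bytes:
    """Simplified model: one nanosecond timestamp hashed ROUNDS times."""
    digest = struct.pack("<Q", ts_ns)  # assumption: 8-byte little-endian seed
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the real cipher (assumption): XOR with a key-derived pad.
    Handles at most 32 bytes, enough for a file-header check."""
    pad = hashlib.sha256(b"pad" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def recover_timestamp(head: bytes, magic: bytes, start_ns: int, end_ns: int):
    """Sweep [start_ns, end_ns) and return the timestamp whose key decrypts
    the encrypted header to the expected magic bytes, else None."""
    for ts in range(start_ns, end_ns):
        if toy_cipher(derive_key(ts), head[:len(magic)]) == magic:
            return ts
    return None

def search_hours(window_ns: int, keys_per_second: float) -> float:
    """Worst-case hours to sweep a window of one timestamp at a given rate."""
    return window_ns / keys_per_second / 3600

if __name__ == "__main__":
    magic = b"%PDF-1.7"                      # known plaintext: PDF header
    true_ts = 1_700_000_000_123_456_789      # constructed "encryption time"
    head = toy_cipher(derive_key(true_ts), magic)
    # Constructed log/metadata evidence places encryption in a 1,000 ns window.
    found = recover_timestamp(head, magic, true_ts - 700, true_ts + 300)
    print("recovered:", found, "match:", found == true_ts)
    # Without narrowing: a one-hour window at the article's 60 million keys/s.
    print("1 h window at 60M/s: %.1f hours" % search_hours(3600 * 10**9, 60e6))
```

The sweep time grows linearly with the window for one timestamp, which is why the log and file-metadata correlation matters before any GPU time is rented.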
Nugroho acknowledged that further optimization of his code is possible, and GPU experts could likely achieve even greater performance enhancements. The decryptor’s source code, along with detailed usage instructions, has been publicly released on GitHub.
Users are advised to back up their encrypted files before employing this tool, as attempts to decrypt data with incorrect keys may result in irreversible file corruption.