Researcher Releases GPU-Powered Akira Ransomware Decryption Tool

A security researcher developed and released a decryption tool for the infamous Akira ransomware strain, using GPU to solve the deciphering key.

GPU-powered Akira decryption tool

Cybersecurity expert Yohanes Nugroho recently developed a tool that uses GPU computational power to generate the decryption key that unlocks files ciphered by Akira ransomware.

Upon studying the ransomware strain, Nugroho noticed that it uses timestamps to generate encryption keys. This discovery led Nugroho to believe that, with the right tools, the encryption algorithm could be cracked within a week.

While the project took three times longer than predicted, it was a success; after spending $1,200 on GPUs, the researcher’s decryption tool broke Akira’s encryption.

Brute-forcing keys to completion

Nugroho took an unusual approach to breaking encryption. Traditionally, decryption tools require a key or encrypted/unencrypted file pairs.

However, Nugroho used brute forcing techniques to figure out the decryption key needed to unlock Akira-ciphered files. An Akira particularity is that its encryptor uses the current time, expressed in nanoseconds, as a seed when generating its encryption keys.

The researcher exploited this trait to brute-force encryption keys, which is an impressive feat in itself, considering that each file is bond with a unique key.

Only available on Linux

Unfortunately, the decryption tool only works for Linux computers and requires an expensive GPU. Nugroho conducted initial testing with an RTX 3060 and an RTC 3090 before deciding their performance was lackluster and changing tactics.

The researcher ultimately used a cloud GPU service for the task; the decryption involved the computational power from no fewer than sixteen RTX 4090 GPUs and was completed in approximately 10 hours.

According to the researcher, the process could take even longer, depending on the number of files to be deciphered.

Nugroho released the decryption tool on GitHub alongside instructions on Akira-locked file recovery.

Foresight and prevention are always better against ransomware

Regularly backing up your files using cold (offline) backup methods is still the most effective way to prevent ransomware or data wipers from rendering your files inaccessible.

However, dedicated software like Bitdefender Ultimate Security can boost your digital defenses against ransomware and other cyber threats.

It works against viruses, Trojans, worms, zero-day exploits, spyware, and rootkits, and features multi-layered ransomware protection, network threat prevention, behavioral detection, and web attack prevention.