News Overview
- Successful decryption via GPU brute force: security researcher Yohanes Nugroho (Tinyhack) has published a method to decrypt files encrypted by the Akira ransomware by brute-forcing the timestamp-derived key seeds on NVIDIA RTX 4090 GPUs, significantly reducing the time such a search requires.
- Timeframe for decryption: a single RTX 4090 takes roughly seven days; a cluster of 16 RTX 4090s brings this down to just over ten hours.
Original article link: Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours — new counterattack breaks encryption
In-Depth Analysis
Akira Ransomware Encryption Mechanism
Akira ransomware encrypts victim files with the ChaCha8 and KCipher-2 stream ciphers. The key material for each file is derived not from a cryptographic random number generator but from four timestamps read from the system clock at nanosecond resolution. That is the weakness: a 64-bit nanosecond value looks like a large seed, but the filesystem records when the encrypted file was written, so each timestamp can be bounded to a narrow window around that moment and the remaining candidates can be enumerated by brute force.
Brute-Force Decryption Process
The decryption approach involves the following steps:
- Timestamp estimation: bound the four timestamps used during encryption to a window derived from the encrypted file's own timestamp, typically about 5 million nanoseconds (5 ms) wide.
- Brute-force search: enumerate the candidate timestamp combinations inside that window on high-throughput GPUs such as the RTX 4090, checking each candidate by deriving its key and test-decrypting the file.
- Key generation and file decryption: once the correct timestamps are found, regenerate the per-file keys from them and decrypt the files.
Throughput is bounded by GPU compute: the candidate timestamps are independent, so the search parallelises almost linearly across cards. A single RTX 4090 needs about seven days for a full search of the window, while a cluster of 16 cuts that to just over ten hours; a hit part-way through the window finishes sooner.
Considerations and Limitations
Several factors can influence the success of this decryption method:
- File integrity: the encrypted files must not be altered after the ransomware wrote them, because their recorded timestamp (the modification time set when the encrypted file was written) anchors the search window. Copying or restoring the files without preserving timestamps shifts that anchor, and the brute force then searches the wrong range.
- File storage systems: on Network File System (NFS) mounts the timestamp is set by the server, and server lag can offset it from the client clock the ransomware read, so the true seeds may fall outside the estimated window and the search will miss or need a wider range.
This method was demonstrated against the Linux/ESXi variant of Akira that Nugroho analysed; other variants, and any future build that seeds its keys from a cryptographically secure random source instead of the clock, will not be recoverable this way.
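As an added illustration of both the brute-force procedure and the file-integrity and NFS caveats (this is not code from Tinyhack's write-up, nor the ransomware's own logic), the following Python toy model shows why clock-seeded keys fall to a windowed search and why a shifted file timestamp defeats it. It assumes a hypothetical key derivation (SHA-256 over two nanosecond timestamps, with SHA-256 in counter mode standing in for ChaCha8/KCipher-2), two seeds instead of Akira's four, and deliberately small windows (`WINDOW_NS`, `MAX_DELTA_NS`) so it finishes in seconds on a CPU; the sample file, header and timestamps are constructed.

```python
"""Toy model of timestamp-seeded file encryption and its brute-force recovery.

Hypothetical stand-in for the scheme described above: NOT Akira's real key
derivation or ciphers. Windows are shrunk so a CPU finishes in seconds; the
real search covers millions of nanoseconds per seed and runs on GPUs.
"""
import hashlib
import struct

WINDOW_NS = 2_000     # assumed: first seed lies at most this far before the file mtime
MAX_DELTA_NS = 50     # assumed: second seed is read at most this far after the first


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, standing in for the real stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("<Q", counter)).digest()
        counter += 1
    return out[:length]


def derive_key(t1_ns: int, t2_ns: int) -> bytes:
    """Toy KDF: key material is just a hash of two clock reads (the weakness)."""
    return hashlib.sha256(struct.pack("<QQ", t1_ns, t2_ns)).digest()


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (XOR with the keystream is its own inverse)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))


def build_sample():
    """Constructed victim file: a 16-byte known header (stands in for a
    file-format magic) plus filler, encrypted with two clock reads, then
    closed ~400 ns later so the filesystem records that as the mtime."""
    header = b"TOY-DISK-IMAGE-1"
    plaintext = header + b"disk contents go here " * 8
    t1 = 1_700_000_000_123_456_789        # constructed nanosecond timestamps
    t2 = t1 + 17
    mtime = t2 + 400
    return plaintext, xor_stream(plaintext, derive_key(t1, t2)), mtime, header


def brute_force(ciphertext: bytes, known_prefix: bytes, mtime_ns: int,
                window_ns: int = WINDOW_NS, max_delta_ns: int = MAX_DELTA_NS):
    """Walk t1 backwards from the file mtime and t2 = t1 + delta forwards;
    accept the first pair whose key decrypts the header to the known bytes.
    Returns (t1, t2, candidates_tried), or None when the window misses,
    which is exactly what happens if the mtime was altered after encryption."""
    head = ciphertext[:len(known_prefix)]
    tried = 0
    for t1 in range(mtime_ns, mtime_ns - window_ns, -1):
        for delta in range(max_delta_ns + 1):
            tried += 1
            if xor_stream(head, derive_key(t1, t1 + delta)) == known_prefix:
                return t1, t1 + delta, tried
    return None


def search_space(window_ns: int, max_delta_ns: int) -> int:
    """Number of (t1, t2) candidates the search can visit."""
    return window_ns * (max_delta_ns + 1)


def hours_to_exhaust(candidates: int, rate_per_gpu_per_sec: float, gpus: int) -> float:
    """Worst-case wall time; candidates are independent, so it scales as 1/gpus."""
    return candidates / (rate_per_gpu_per_sec * gpus) / 3600


if __name__ == "__main__":
    plaintext, ciphertext, mtime, header = build_sample()
    t1, t2, tried = brute_force(ciphertext, header, mtime)
    assert xor_stream(ciphertext, derive_key(t1, t2)) == plaintext
    print(f"seeds recovered after {tried} of {search_space(WINDOW_NS, MAX_DELTA_NS)} candidates")
    # File touched after encryption: mtime no longer brackets the seeds, so the search misses.
    print("altered mtime ->", brute_force(ciphertext, header, mtime + 10 * WINDOW_NS))
    # Scaling from the article: a search that takes one GPU seven days, spread over sixteen.
    print(f"{hours_to_exhaust(7 * 86400 * 10**9, 10**9, 1):.0f} h on one GPU, "
          f"{hours_to_exhaust(7 * 86400 * 10**9, 10**9, 16):.1f} h on sixteen")
```

The verification oracle is the only thing that makes the search decidable: without a known plaintext fragment (a file-format header, for instance) every candidate key "decrypts" to something, so a practitioner building this for real must first pin down what the first bytes of each target file should be. The altered-mtime case returns `None` rather than a wrong key, which is the right failure mode; an NFS timestamp offset produces the same miss and is handled by widening `window_ns` at a proportional cost in GPU time.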
Commentary
The GPU-accelerated brute force against Akira is a useful addition to the defender's toolkit: the compute required (seven days on one RTX 4090, or just over ten hours on sixteen) is within reach of an incident response team and can return files without paying the ransom, reducing the downtime and financial loss of an incident. The underlying lesson for engineers is older than the ransomware: key material seeded from a clock rather than a cryptographically secure random generator is only as strong as the attacker's uncertainty about the time, and here that uncertainty was a few milliseconds.
However, this approach also underscores the ongoing arms race between cybersecurity professionals and cybercriminals. As defensive techniques evolve, ransomware developers are likely to adapt their methods to counteract new decryption strategies. This dynamic necessitates continuous research and development in cybersecurity measures to stay ahead of emerging threats.