News Overview
- Security researcher Yohanes Nugroho has developed a GPU-powered decryptor that recovers the per-file encryption keys of the Linux variant of Akira ransomware, letting victims restore their files without paying the ransom.
- The decryptor uses NVIDIA GPUs to brute-force the nanosecond timestamps from which Akira derives its keys, cutting the search time from what CPU-based attempts would need to a matter of hours.
- This gives organizations hit by this Akira variant a way to recover data without dealing with the criminals, provided the files and the metadata needed to narrow the search have been preserved.
Original article link: New Akira Ransomware Decryptor Leans on Nvidia GPU Power
In-Depth Analysis
- Akira Ransomware Overview: Akira is a ransomware family with Windows and Linux variants; the Linux variant targets VMware ESXi hosts and the virtual machine files stored on them. In that variant, the key material for each file is derived from the current time in nanoseconds, used as a seed and passed through multiple rounds of SHA-256. The resulting keys cannot be guessed directly, but the seed behind them has very little entropy: it is a clock reading, not random data.
- Decryptor Development: Nugroho's decryptor exploits exactly that low-entropy seed. File modification timestamps and system logs from the compromised host bound the window in which each file was encrypted, and the tool then tries every candidate nanosecond in that window, re-deriving the key and testing it against the encrypted file, until it finds the one that decrypts correctly. No key from the attacker is needed; the cost is GPU time, and it rises with the size of the window, so preserving the original file metadata and logs rather than wiping the host first matters.
- GPU Utilization: The brute force is embarrassingly parallel, which is why GPUs dominate. Initial tests on a single RTX 3060 reached about 60 million encryption tests per second; scaling out to 16 RTX 4090 GPUs brought the total brute-forcing time down to roughly 10 hours. The approach is specific to this Linux variant's timestamp-seeded key scheme; files encrypted by other Akira builds that derive keys differently are not covered.
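The two ideas above, a key whose only secret input is a nanosecond clock reading and a brute-force search over a window bounded by file metadata, are easier to see in code. The following is an added toy model written for this summary; it is not Nugroho's decryptor and not Akira's real key schedule. It assumes a constructed key schedule (8-byte little-endian seed, 200 rounds of SHA-256, a SHA-256 counter-mode keystream standing in for the real cipher) and assumes the defender has a few bytes of known plaintext, here the VMDK file magic, to test candidate keys against. The round count, the seed encoding, the sample file and the mtime slack are all assumptions chosen to keep the demo fast.

```python
"""Toy model: timestamp-seeded file key and its brute-force recovery.

Constructed illustration only. The key schedule below is NOT Akira's; it only
reproduces the property the article describes: every secret is derived from the
encryption time in nanoseconds, so the seed space is small enough to search.
"""
import hashlib
from typing import Optional, Tuple

ROUNDS = 200       # assumption: the real scheme uses "multiple rounds"; 200 keeps the demo quick
SEED_BYTES = 8     # assumption: seed serialised as a 64-bit little-endian integer


def derive_key(seed_ns: int, rounds: int = ROUNDS) -> bytes:
    """Iterated SHA-256 over the nanosecond timestamp, the only secret input."""
    digest = seed_ns.to_bytes(SEED_BYTES, "little")
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (stand-in for the real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(seed_ns: int, plaintext: bytes) -> bytes:
    """Ransomware side: key from the clock, then XOR with the keystream."""
    return xor(plaintext, keystream(derive_key(seed_ns), len(plaintext)))


def window_from_mtime(mtime_ns: int, slack_ns: int) -> Tuple[int, int]:
    """Candidate seed range. The file's modification time (filesystem or log)
    bounds when encryption happened; slack covers the gap between key
    derivation and the final write. Returns a half-open [start, end) range."""
    return mtime_ns - slack_ns, mtime_ns + slack_ns + 1


def brute_force_seed(ciphertext: bytes, known_prefix: bytes,
                     window_start_ns: int, window_end_ns: int) -> Optional[int]:
    """Known-plaintext search: recover the keystream prefix (ciphertext XOR known
    header bytes), then test every nanosecond in the window until one matches."""
    target = xor(ciphertext[:len(known_prefix)], known_prefix)
    for seed in range(window_start_ns, window_end_ns):
        if keystream(derive_key(seed), len(target)) == target:
            return seed
    return None


def estimate_search_seconds(window_ns: int, tests_per_second: float) -> float:
    """Worst-case wall time to exhaust a window at a given test rate."""
    return window_ns / tests_per_second


if __name__ == "__main__":
    # Constructed sample file: 'KDMV' is the VMDK sparse-extent magic; the rest is filler.
    plaintext = b"KDMV" + b"\x01\x00\x00\x00" + b"A" * 56
    true_seed = 1_700_000_000_123_456_789          # the clock value at encryption time
    ciphertext = encrypt(true_seed, plaintext)

    # Defender's view: ciphertext plus an mtime a few hundred ns after the seed (constructed).
    observed_mtime_ns = true_seed + 250
    start, end = window_from_mtime(observed_mtime_ns, slack_ns=1_000)
    found = brute_force_seed(ciphertext, b"KDMV", start, end)
    print("recovered seed:", found, "correct:", found == true_seed)
    if found is not None:
        print("decrypted header:", xor(ciphertext, keystream(derive_key(found), 8)))

    # Feasibility arithmetic with the article's RTX 3060 figure: a 1 s window
    # is 1e9 candidates, or about 16.7 s at 60 million tests per second.
    print("1 s window at 60M tests/s:", estimate_search_seconds(10**9, 60e6), "s")
```

The point the numbers make is that the difficulty is set entirely by how tightly the window can be bounded and how many candidates per second the hardware can test; the hash rounds only multiply the per-candidate cost, which is exactly the kind of work GPUs parallelise well.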
Commentary
This GPU-accelerated decryptor is a significant result for victims of the Linux variant of Akira. The break does not come from any weakness in SHA-256 or the file cipher; it comes from seeding per-file keys with a clock reading, which leaves far too few candidate seeds once file metadata and logs narrow the window, and modern GPUs then make the remaining search affordable. Two practical points follow. First, recovery depends on evidence from the compromised host, so an incident response that reimages ESXi hosts or discards timestamps and logs before analysis can destroy the very data the search needs. Second, the method is tied to this variant's key derivation and took many GPU-hours even so, which is no substitute for tested, offline backups and for hardening the hypervisor layer that this variant targets. Research of this kind keeps giving victims alternatives to paying, but prevention and recoverable backups remain the reliable defence.