News Overview
- Security researcher Yohanes Nugroho has developed a GPU-accelerated decryptor for the Linux variant of Akira ransomware, enabling free file recovery without paying ransoms.
- The decryptor exploits Akira’s use of nanosecond-level, time-based encryption seeds, allowing brute-force retrieval of decryption keys.
- Utilizing high-performance GPUs, the tool can significantly reduce the time required to crack encryption keys, depending on the hardware’s computational power.
Original article link: New decryptor targets Akira ransomware with GPU technology for Linux systems
In-Depth Analysis
- Akira Ransomware Overview: Akira is a ransomware strain that encrypts files on infected Linux systems, demanding payment for decryption. It generates unique encryption keys for each file using timestamps with nanosecond precision, processed through 1,500 SHA-256 rounds. These keys are then secured with RSA-4096 encryption, making traditional decryption methods challenging.
- Decryptor Development: Nugroho’s decryptor leverages the predictable nature of Akira’s timestamp-based key generation. By analyzing system logs and file metadata to narrow down possible timestamps, the tool employs brute-force tactics using GPU acceleration to recover the decryption keys. This approach bypasses the need for a user-supplied key, which is typically required by conventional decryptors.
- GPU Utilization: The decryptor’s efficiency is significantly enhanced by utilizing the parallel processing capabilities of GPUs. Initial tests with an RTX 3060 achieved 60 million encryption tests per second, but this proved insufficient. Scaling up to 16 RTX 4090 GPUs reduced the brute-forcing time to approximately 10 hours, demonstrating the critical role of GPU power in this process.
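The sketch below is an added example, not Nugroho's tool and not Akira's code. It shows why a key derived only from a nanosecond timestamp can be recovered once logs or file metadata bound the time window. It assumes a simplified model: one timestamp per key, SHA-256 iterated 1,500 times, a toy stream cipher standing in for the real one, and a known file header used to confirm a hit. All names and sample values are constructed.

```python
import hashlib
import struct

ROUNDS = 1500  # round count stated in the article

def derive_key(ts_ns: int) -> bytes:
    """Simplified model: iterate SHA-256 over an 8-byte nanosecond timestamp."""
    digest = struct.pack("<Q", ts_ns)
    for _ in range(ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Akira's cipher."""
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + struct.pack("<Q", block)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def recover_seed(ciphertext: bytes, known_prefix: bytes, start_ns: int, end_ns: int):
    """Try every timestamp in [start_ns, end_ns); return the one whose key
    decrypts the file header to the expected magic bytes, else None."""
    head = ciphertext[:len(known_prefix)]
    for ts in range(start_ns, end_ns):
        if keystream_xor(derive_key(ts), head) == known_prefix:
            return ts
    return None

def exhaust_seconds(window_ns: int, tests_per_second: float) -> float:
    """Worst-case time to try every nanosecond in a window (one-timestamp model)."""
    return window_ns / tests_per_second

# Constructed sample: a "victim" file encrypted with a key seeded by SECRET_TS.
SECRET_TS = 1_700_000_000_123_456_789
PLAINTEXT = b"%PDF-1.7\n constructed sample file body"
CIPHERTEXT = keystream_xor(derive_key(SECRET_TS), PLAINTEXT)

if __name__ == "__main__":
    # Window as it might be narrowed from a file's modification time.
    lo, hi = SECRET_TS - 400, SECRET_TS + 200
    found = recover_seed(CIPHERTEXT, b"%PDF-", lo, hi)
    print("recovered seed:", found)
    print("plaintext:", keystream_xor(derive_key(found), CIPHERTEXT))
    # One second of timestamp uncertainty at the article's RTX 3060 rate.
    print("seconds per 1 s window:", exhaust_seconds(10**9, 60e6))
```

The search cost grows linearly with the width of the timestamp window, which is why narrowing it from logs and metadata matters as much as raw GPU throughput.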
Commentary
The development of this GPU-accelerated decryptor represents a significant advancement in combating ransomware attacks on Linux systems. Because it exploits specific weaknesses in Akira’s encryption methodology and harnesses the computational power of modern GPUs, the tool gives victims a viable alternative to paying ransoms. This approach underscores the importance of continuous research and innovation in cybersecurity to counteract evolving threats. However, the resource-intensive nature of the decryption process highlights the need for robust preventive measures and regular system backups to mitigate the impact of such attacks.