• One of the most powerful ransomware hacks around has been cracked

    From TechnologyDaily@1337:1/100 to All on Mon Mar 17 14:30:08 2025
    One of the most powerful ransomware hacks around has been cracked using some serious GPU power

    Date:
    Mon, 17 Mar 2025 14:03:00 +0000

    Description:
    A researcher was able to crack how Akira encrypts files, and created a brute-force tool.

    FULL STORY
    ======================================================================
    A researcher analyzed how Akira operates on Linux and came up with a brute-force decryption tool
    It took $1,200 and three weeks to decrypt a system
    The tool is available on GitHub now

    A security researcher has managed to break Akira's ransomware encryptor for Linux, with the help of cloud-based compute power.

    Security researcher Yohanes Nugroho was recently asked for help by a friend who was struck with Akira. After analyzing the log files, they determined
    that Akira generates encryption keys using timestamps in nanoseconds.

    Retrieving all of the encrypted files with Nugroho's method is a little costly, but it should still be cheaper than paying the ransom demand.

    Cloud computing to the rescue

    An encryption seed is a starting value used to generate encryption keys that lock a victim's files. It plays a crucial role in the encryption process,
    often determining how the encryption key is derived. In Akira's case, the encryptor dynamically generates unique encryption keys for each file, using four timestamp seeds. The keys are then encrypted with RSA-4096 and appended at the end of each encrypted file.

    Furthermore, Akira encrypts multiple files at once through multi-threading.

    However, by looking at the logs, the researcher was able to determine when
    the ransomware ran, and through file metadata, he determined the encryption completion time. He was then able to create a brute-force tool that can discover the key for each individual file. Running the tool on-prem was
    deemed inefficient, since both RTX 3060 and RTX 3090 took too long.
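
    The search described above, as an added example (not Nugroho's tool and not Akira's real algorithm): a toy cipher whose key comes from two nanosecond timestamps is recovered by trying every timestamp pair inside the window bounded by the log start time and the file's modification time. The KDF, stream cipher, time window and PDF header are all constructed for illustration.

```python
import hashlib
import struct

MAGIC = b"%PDF-1.7"  # known first bytes of the file type being recovered


def derive_key(t1_ns: int, t2_ns: int) -> bytes:
    """Toy KDF (assumption): the key depends only on two nanosecond timestamps."""
    return hashlib.sha256(struct.pack("<QQ", t1_ns, t2_ns)).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), a stand-in only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("<Q", off // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def recover_seeds(ciphertext, start_ns, end_ns, max_gap_ns):
    """Try every (t1, t2) pair in the window; accept when the header decrypts."""
    head = ciphertext[:len(MAGIC)]
    tried = 0
    for t1 in range(start_ns, end_ns + 1):
        # t2 is taken shortly after t1, so only a small gap needs searching
        for t2 in range(t1, t1 + max_gap_ns + 1):
            tried += 1
            if keystream_xor(derive_key(t1, t2), head) == MAGIC:
                return t1, t2, tried
    return None


# Constructed sample data: window bounds stand in for "ransomware start time
# from the logs" and "file modification time"; the secret seeds lie inside it.
START_NS = 1_742_220_000_000_000_000
END_NS = START_NS + 1_500
SECRET = (START_NS + 1_234, START_NS + 1_234 + 37)
PLAINTEXT = MAGIC + b"\n% constructed sample document body\n"
CIPHERTEXT = keystream_xor(derive_key(*SECRET), PLAINTEXT)

if __name__ == "__main__":
    t1, t2, tried = recover_seeds(CIPHERTEXT, START_NS, END_NS, 50)
    print(f"seeds recovered after {tried} candidates: {t1}, {t2}")
    print(keystream_xor(derive_key(t1, t2), CIPHERTEXT))
```

    The candidate count is the product of the window width and the allowed gap, which is why a realistic window at nanosecond resolution calls for GPU-scale search rather than a single CPU loop.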

    The researcher then opted for RunPod & Vast.ai cloud GPU services, which provided enough computing power at the right price to make the process
    viable. He used 16 RTX 4090 GPUs to brute-force the decryption key in roughly 10 hours. Depending on the number of locked files, the entire process can
    take more or less time.

    In total, the project took three weeks, and $1,200, but the system was saved, BleepingComputer reports. The decryptor is available on GitHub, and the researcher added that the code can probably be optimized to run even better. It is worth noting that before running any such experiment, victims should first create backups of their files, in case anything goes awry.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/one-of-the-most-powerful-ransomware-hacks-around-has-been-cracked-using-some-serious-gpu-power


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)