Akira ransomware for Linux and VMware ESXi systems has been decrypted by security researcher Yohanes Nugroho, who brute-forced the encryption keys on graphics processing units using the timestamps of compromised files together with known plaintext and ciphertext, according to SC Media.
Reverse engineering the Akira variant revealed that it randomly generates a pair of ChaCha8 keys and a pair of KCipher-2 keys at separate timestamps. The details required for brute-forcing were determined by identifying the file encryption start times and the encryption end time of the previous file, said Nugroho, who then leveraged $1,200 worth of GPUs to facilitate the brute-forcing activity.
Organizations could leverage the technique, the source code of which is already on GitHub, to conduct their own Akira for Linux decryption efforts, said Nugroho. They could also tap RunPod, Vast AI, or other cloud-based GPU rental services to aid in their activities, Nugroho added, warning that Akira ransomware operators could change their encryption tactics in ways that invalidate his decryption method.
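The time-window search described above can be shown on a toy model. This is an added example, not Nugroho's code or Akira's algorithm. It assumes a single key derived by hashing one nanosecond timestamp, uses a SHA-256 counter keystream as a stand-in for ChaCha8 and KCipher-2, and all names and sample values are constructed.

```python
import hashlib

def toy_key(seed_ns: int) -> bytes:
    # ASSUMPTION: stand-in derivation, key = SHA-256(timestamp seed).
    return hashlib.sha256(seed_ns.to_bytes(8, "big")).digest()

def toy_xor(data: bytes, key: bytes) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode), not ChaCha8 or KCipher-2.
    # XOR with the keystream both encrypts and decrypts.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def recover_seed(ct_head: bytes, known_head: bytes, prev_end_ns: int, start_ns: int):
    """Try every seed between the previous file's encryption end time and
    this file's encryption start time; a seed is accepted when decrypting
    the ciphertext head yields the known plaintext head."""
    for seed in range(start_ns, prev_end_ns - 1, -1):
        if toy_xor(ct_head, toy_key(seed)) == known_head:
            return seed
    return None  # seed outside the window, or the scheme differs from the model

# Constructed sample: a file whose first 16 bytes are known in advance.
KNOWN_HEAD = b"CONSTRUCTED-HDR\x00"
PLAINTEXT = KNOWN_HEAD + b"rest of a constructed sample file"
PREV_END_NS = 1_700_000_000_000_000_000   # previous file finished here
START_NS = PREV_END_NS + 40_000           # this file started here
TRUE_SEED = PREV_END_NS + 31_337          # unknown to the recovery code
CIPHERTEXT = toy_xor(PLAINTEXT, toy_key(TRUE_SEED))

def demo():
    head = CIPHERTEXT[:len(KNOWN_HEAD)]
    seed = recover_seed(head, KNOWN_HEAD, PREV_END_NS, START_NS)
    return seed, toy_xor(CIPHERTEXT, toy_key(seed))

if __name__ == "__main__":
    seed, recovered = demo()
    print("recovered seed offset:", seed - PREV_END_NS)
    print("recovered plaintext:", recovered)
```

The search cost grows with the width of the window, which is why tight start and end times per file matter, and a window that misses the seed returns nothing rather than a wrong key.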