Source URL: https://www.tomshardware.com/tech-industry/cyber-security/akira-ransomware-cracked-with-rtx-4090-new-exploit-to-brute-force-encryption-attack
Source: Hacker News
Title: Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours
Summary: The discovery of a GPU-based brute-force method to decrypt files affected by the Akira ransomware attack represents a significant breakthrough in cybersecurity. This method enables organizations to regain access to their data without paying the ransom, marking a vital development in combating ransomware threats, particularly for high-profile targets.
Detailed Description:
The Akira ransomware has been notably problematic for organizations, demanding substantial ransoms, sometimes exceeding tens of millions of dollars. Recently, cybersecurity blogger Tinyhack published findings regarding a new exploit that circumvents the Akira virus’s encryption through a brute-force attack using high-performance GPUs, specifically Nvidia’s RTX 4090.
Key points from the analysis of this exploit include:
– **Background on Akira Ransomware**:
  – First discovered in 2023.
  – Targets high-profile organizations with significant ransom requests.
– **Brute-Force Decryption Method**:
  – Using a single RTX 4090, decryption of affected files can take approximately seven days, while using 16 GPUs can reduce this to around ten hours.
  – The Akira variant utilizes ChaCha8 and KCipher-2 encryption methods to generate per-file encryption keys based on four specific timestamps used as seeds.
– **Technical Insights**:
  – The timestamps can be narrowed to a range of approximately 5 million nanoseconds, which allows for effective brute-force recovery.
  – Certain conditions must be met for successful decryption, including ensuring that encrypted files remain untouched post-attack to help identify the access timestamp.
  – Recommendations for organizations include renting GPU services from platforms like runpod or vast.ai to speed up decryption.
– **Cybersecurity Implications**:
  – This discovery marks a significant advancement in ransomware defenses, providing affected organizations an alternative to paying ransoms.
  – The Akira group may rapidly adapt and patch this vulnerability, suggesting a continuous cat-and-mouse game between attackers and defenders.
– **Future Considerations**:
  – As ransomware tactics evolve, the need for robust cybersecurity measures and rapid response protocols becomes increasingly critical.
  – Following Tinyhack’s comprehensive blog post could provide valuable insights for cybersecurity professionals looking to understand and potentially replicate the decryption process.
This method not only showcases the ongoing innovation in cybersecurity research but also emphasizes the necessity of staying informed on emerging threats and defenses in the rapidly changing landscape of cybercrime.
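The timestamp-seeded key generation described under Brute-Force Decryption Method and Technical Insights, as an added example that is not from the original article or from Tinyhack's tool: a toy recovery narrowed to a single nanosecond timestamp seed. The SHA-256 key derivation and keystream are stand-ins for Akira's actual generator and ciphers, and the known file header, the function names and the sample data are assumptions.

```python
import hashlib

WINDOW_NS = 5_000_000  # per-timestamp uncertainty range cited above

def derive_key(seed_ns: int) -> bytes:
    # Stand-in KDF (assumption): the real generator is not described on this page.
    return hashlib.sha256(seed_ns.to_bytes(8, "little")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode), standing in for ChaCha8/KCipher-2.
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
    return bytes(c ^ s for c, s in zip(data, stream))

def recover_seed(ciphertext, known_header, start_ns, window_ns=WINDOW_NS):
    """Return the seed in [start_ns, start_ns + window_ns) whose key decrypts
    the ciphertext to the known header, or None if the window misses it."""
    head = ciphertext[:len(known_header)]
    for seed in range(start_ns, start_ns + window_ns):
        if keystream_xor(derive_key(seed), head) == known_header:
            return seed
    return None

def demo(offset_ns=12_345, window_ns=50_000):
    # Constructed sample: a fake PDF encrypted with a timestamp-seeded key.
    header = b"%PDF-1.7\n"  # known plaintext: the file format's magic bytes
    plaintext = header + b"constructed sample document body"
    start = 1_700_000_000_000_000_000  # earliest plausible time (constructed value)
    true_seed = start + offset_ns
    ciphertext = keystream_xor(derive_key(true_seed), plaintext)
    found = recover_seed(ciphertext, header, start, window_ns)
    recovered = keystream_xor(derive_key(found), ciphertext) if found is not None else None
    return true_seed, found, recovered

if __name__ == "__main__":
    true_seed, found, recovered = demo()
    print("seed recovered:", found == true_seed)
    print("plaintext:", recovered)
```

The demo searches a smaller window than `WINDOW_NS` so it finishes quickly; for a single seed the cost grows linearly with the width of the window, which is why a tightly bounded timestamp matters.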