Developer breaks Akira ransomware encryption in hours using cloud GPUs
Published on: 2025-06-11 17:48:00
In context: Akira is a dangerous, multiplatform ransomware threat that has been active since 2023. Available as a ransomware-as-a-service product to script kiddies and cybercriminals, the malware has targeted over 250 organizations and has earned up to $42 million for its unknown developers.
Yohanes Nugroho, an Indonesian programmer who works on personal coding projects in his spare time, developed a "decryptor" for the Akira ransomware. The tool employs a novel approach to solve a complex mathematical problem, exploiting the high parallelism of modern GPUs to test millions of key combinations in a very short timeframe.
Nugroho documented his journey through Akira's file-encrypting code on his personal website. He became involved with a Linux variant of Akira after a friend asked for help. Upon analyzing the code, Nugroho discovered that the ransomware uses the current time as a seed to generate cryptographically strong encryption keys.
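To illustrate why a key derived from the current time is only as strong as the uncertainty about that time, here is an added example; it is not Nugroho's tool and not Akira's actual algorithm. It assumes a toy SHA-256 key derivation and stream cipher, a constructed sample file with a known header, and a 200-microsecond window around the encryption time.

```python
import hashlib
import math

def derive_key(seed_ns: int) -> bytes:
    # Toy KDF (assumption, not Akira's real scheme): key = SHA-256(timestamp in ns).
    return hashlib.sha256(seed_ns.to_bytes(8, "little")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher: SHA-256 in counter mode XORed with the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(4, "little")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def recover_seed(ciphertext: bytes, known_prefix: bytes, start_ns: int, end_ns: int):
    # Try every timestamp in [start_ns, end_ns); a match on the known file
    # header identifies the seed. Each candidate is independent, which is
    # why this kind of search parallelises well on GPUs.
    head = ciphertext[:len(known_prefix)]
    for seed in range(start_ns, end_ns):
        if keystream_xor(derive_key(seed), head) == known_prefix:
            return seed
    return None

def search_bits(window_seconds: float, resolution_ns: int = 1) -> float:
    # Effective key strength when the only secret is a timestamp in a window.
    return math.log2(window_seconds * 1e9 / resolution_ns)

# Constructed sample data (not from any real incident).
SECRET_SEED = 1_700_000_000_123_456_789
KNOWN_HEADER = b"%PDF-1.7"
PLAINTEXT = KNOWN_HEADER + b"\n" + b"constructed sample document body " * 4
CIPHERTEXT = keystream_xor(derive_key(SECRET_SEED), PLAINTEXT)
WINDOW_START = SECRET_SEED - 150_000
WINDOW_END = SECRET_SEED + 50_000

if __name__ == "__main__":
    seed = recover_seed(CIPHERTEXT, KNOWN_HEADER, WINDOW_START, WINDOW_END)
    print("recovered seed:", seed)
    print(keystream_xor(derive_key(seed), CIPHERTEXT)[:20])
    print(f"1 s window at ns resolution: {search_bits(1):.1f} bits (vs 256)")
```

The 256-bit key is cryptographically sound in isolation, but a one-second window at nanosecond resolution leaves only about 30 bits to search.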
The encryption process dynamically generates u...