
Avast experts have released a decryptor against the Akira ransomware virus



Triumph of Justice: Avast experts released a decryptor against the Akira ransomware virus

All victims will be able to recover their data absolutely free of charge.

Cybersecurity company Avast has released a free decryptor for the notorious Akira ransomware that can help victims recover their data without paying a ransom.

The Akira ransomware appeared in March 2023 and quickly gained popularity, attacking organizations around the world in various sectors. Since June, the attackers have also been distributing a new Linux version of their encryptor to attack VMware ESXi virtual machines.

Avast’s analysis of Akira’s encryption scheme confirms previous reports that the malware uses a symmetric key generated by CryptGenRandom, which is then encrypted with an embedded RSA-4096 public key and appended to the end of the encrypted file.

Since only the attackers hold the RSA private key needed for decryption, in theory it is impossible to decrypt the files without first paying the ransom.

However, Avast specialists still found a way to decrypt the files, although they do not explain in detail how they did it.

Akira ransomware versions for Windows and Linux are very similar in how they encrypt devices. However, the Linux version uses the Crypto++ library instead of the CryptoAPI on Windows.

On Windows, the Akira malware only partially encrypts files to speed up the process, using a different encryption scheme depending on the file size. For files smaller than 2,000,000 bytes, Akira encrypts only the first half of the file's contents. For files larger than 2,000,000 bytes, the malware encrypts four blocks, using a pre-calculated block size determined by the total file size.

The Linux version of Akira provides its operators with the “-n” command-line argument, which allows them to determine exactly what percentage of the victim’s files should be encrypted.

Avast has released two versions of its Akira decryptor, both of which are currently Windows-only: a 64-bit and a 32-bit build. If possible, experts recommend using the 64-bit version, because finding the encryption key requires a lot of system memory.

Researchers are working on a decryptor for Linux right now, but ransomware victims could very well use the Windows version to decrypt any files that were encrypted on Linux.

For the decryptor to work, users need to provide the tool with a pair of files, one encrypted by Akira and the other in its original unencrypted form, so that the tool can generate the correct decryption key.

“It’s very important to choose as large a pair of files as you can find,” the researchers warn. This is because, due to the peculiarities of the Akira encryption algorithm, a difference of even a couple of bytes between the files selected as the example can be decisive for the decryptor's work.

The tool also offers the ability to back up encrypted files before attempting to recover them, which is highly recommended because if something goes wrong, the data can be irreversibly damaged, and even paying the ransom won’t save it.
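The pair selection described above can be sanity-checked before the decryptor is run. This is an added example, not Avast's code: it assumes the layout exactly as this article states it for files under 2,000,000 bytes (first half encrypted, second half untouched, a key blob of at least 512 bytes appended). The midpoint rounding, the `ext` parameter and all function names are assumptions, and `make_sample` builds constructed test files only.

```python
import os

SMALL_LIMIT = 2_000_000  # size threshold given in the article
MIN_FOOTER = 512         # an RSA-4096 ciphertext is 512 bytes long

def check_pair(clean_path, enc_path):
    """Classify a candidate (original, encrypted) pair from the described layout."""
    n = os.path.getsize(clean_path)
    if os.path.getsize(enc_path) - n < MIN_FOOTER:
        return "size-mismatch"       # no room for the appended key blob
    if n >= SMALL_LIMIT:
        return "large-unchecked"     # block layout is not given in the article
    with open(clean_path, "rb") as f:
        clean = f.read()
    with open(enc_path, "rb") as f:
        enc = f.read(n)              # ignore the appended blob
    half = (n + 1) // 2              # assumption: midpoint rounds up
    if enc[half:] != clean[half:]:
        return "different-version"   # untouched second half must be identical
    if enc[:half] == clean[:half]:
        return "not-encrypted"
    return "ok"

def best_pair(clean_dir, enc_dir, ext):
    """Return (size, clean_path, enc_path) for the largest usable pair, or None."""
    best = None
    for root, _dirs, files in os.walk(enc_dir):
        for name in files:
            if not name.endswith(ext):
                continue
            enc_path = os.path.join(root, name)
            rel = os.path.relpath(enc_path, enc_dir)[: -len(ext)]
            clean_path = os.path.join(clean_dir, rel)
            if not os.path.isfile(clean_path):
                continue
            if check_pair(clean_path, enc_path) in ("ok", "large-unchecked"):
                size = os.path.getsize(clean_path)
                if best is None or size > best[0]:
                    best = (size, clean_path, enc_path)
    return best

def make_sample(clean_dir, enc_dir, name, data, ext, stale=False):
    """Constructed sample: invert the first half, append a 512-byte filler."""
    half = (len(data) + 1) // 2
    enc = bytes(b ^ 0xFF for b in data[:half]) + data[half:] + b"\0" * MIN_FOOTER
    with open(os.path.join(clean_dir, name), "wb") as f:
        f.write(data[:-1] + b"!" if stale else data)  # stale: backup was edited
    with open(os.path.join(enc_dir, name + ext), "wb") as f:
        f.write(enc)
```

Run `best_pair` against read-only copies of a clean backup tree and the encrypted tree, passing the extension the encrypted files carry; a `different-version` result means the backup copy is not the exact file that was encrypted.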

Now that the decryptor has been released, the Akira gang will likely examine their code for encryption flaws and fix them, preventing future victims from recovering files for free. Therefore, all victims are advised to use the decryptor and then take the security of their networks seriously.

