The Akira ransomware group emerged in 2023 with a mix of dark humour and ruthless tactics, famously requesting ransom payments in 125 thousand worth of French baguettes but they soon became a more serious threat. They have been known to ask for absurd amounts of ransom. And despite their sense of humour, the are ruthless and have attacked not just corporations but also hospitals, universities and infrastructure, often using stolen credentials to break into systems.
But now, researchers have found a way to fight back. By exploiting weaknesses in Akira’s encryption, cybersecurity experts from a firm called Tinyhack have discovered a method to crack its locked files using high-powered GPUs. With an Nvidia RTX 4090, Tinyhack found they could crack the encrypted ransomware files in seven days, and with 16 GPUs, the process would take just over ten hours.
How the Attack Works
Akira uses the chacha8 and Kcipher2 encryption algorithms to lock victims’ files. Instead of relying on a single key, the ransomware generates a unique key for each file based on a four-part timestamp—measured down to the nanosecond. This system is meant to make brute-force attacks impossible, but Tinyhack’s researchers found a flaw.
By narrowing the possible range of timestamps, they reduced the number of guesses needed to find the correct encryption key. Using an RTX 4090, the brute-force attack can crack an Akira-encrypted file in about seven days. With a cluster of 16 GPUs, the decryption time drops to just ten hours.
Why This Matters
Now, the researchers’ ability to decrypt files without paying could deal a major blow to Akira’s operations. However, the decryption method isn’t foolproof—it requires the original encrypted files to be intact, and organizations still need powerful computing resources to execute the attack. Where the files are on a network file system, some latency can also make determining the time stamp more difficult.
Akira’s encryption has been cracked before. Avast’s Threat Research Team found the method Akira used to encrypt victim files, and published a free encryption breaker tool They have fixed their weaknesses in the past. No doubt they will change their tactics to respond to this as well. But every hour they spend developing new attacks is an hour that somebody isn’t attacked.
And for victims who refuse to pay, this breakthrough offers a rare opportunity: a way to fight back against one of the most notorious ransomware gangs of the past two years.
