How programmer reverse-engineered Akira ransomware
Nugroho reverse engineered the Akira sample and discovered it performs four random generations per file at four different times, two for KCipher2 (t3 and t4) and two for ChaCha8 (t1 and t2).The fact that these times are related to each other complicates the brute-forcing process, requiring the offset between the first (t3) and second (t4) generations to be determined. This time varies between systems and files; for example, the company system Nugroho decrypted had a range of 1.5 to 5 million nanoseconds, requiring 4.5 quadrillion possible pairs to be brute-forced.Additionally, the VMware VMFS filesystem only provides file modification time stamps down to the second and records the time stamp when the file is closed rather than when it is opened (when encryption starts).Nugroho determined that the encryption start time of one file could be determined by the file modification time (encryption end time) of the previous file encrypted, providing the necessary information to brute-force the nanosecond time stamps needed.Nugroho’s blog post discussed potential GPU set ups that can be used to run the brute-force decryption process, noting that an RTX 3090 can test about 1.5 billion encryptions per second.“Testing 2 million offsets would require approximately 16 days on a single GPU, or just 1 day using 16 GPUs,” Nugroho wrote.Rather than purchasing one or several GPUs, companies could consider affordable cloud-based GPU rental services like RunPod or Vast AI. The exact cost will depend on the number and size of encrypted files and the offset range (how many possible t3/t4 pairs need to brute forced). Nugroho noted he spent about $1,200 total for all of his tests and experiments.Akira victims can use Nugroho’s code to aid in their own decryption, which requires them to obtain the time stamps and ciphertexts of the encrypted files, test their own server’s timing offsets using tools provided in Nugroho’s GitHub repo, and acquire the necessary GPU resources for brute forcing.The method first brute forces the KCipher2 encryption by finding t3 and t4, and for large files, brute forces ChaCha8 by finding t1 and t2. This is possible once t3 is known, as the distance between t3 and t1 is less than 10 million nanoseconds.After all four encryption seed initialization times are found, the user can use them to run the decryptor.Nugroho noted it is possible the creators of the Akira ransomware will change their encryption methods to prevent this decryption method of being used. Avast published a decryptor for Akira in July 2023 by leveraging a vulnerability in the ransomware, leading this vulnerability to be fixed in later versions.