Free Akira ransomware decryptor helps recover your files
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money.
Akira first appeared in March 2023 and made a name for itself by quickly amassing victims as it targeted organizations worldwide in a broad range of sectors.
Starting in June 2023, Akira operators began deploying a Linux variant of their encryptor to attack VMware ESXi virtual machines, increasing the exposure to the group’s encryption attacks.
Akira encryption
Avast’s analysis of Akira’s encryption scheme confirms previous reports, describing that the malware uses a symmetric key generated by CryptGenRandom, which is then encrypted by a bundled RSA-4096 public key and appended to the end of an encrypted file.
As the threat actors are the only ones to possess the private RSA decryption key, it should have prevented anyone else from decrypting the files without first paying a ransom.
The Windows and Linux versions of Akira ransomware are very similar in how they encrypt devices. However, the Linux version uses the Crypto++ library instead of Windows CryptoAPI.
The Avast decryptor
Avast has released two versions of its Akira decryptor software, one for 64-bit and one for 32-bit Windows architectures.
The security firm recommends using the 64-bit version because cracking the password requires a lot of system memory.
Source: BleepingComputers