from Hacker News

Decrypting encrypted files from Akira ransomware using a bunch of GPUs

by costco on 3/14/25, 5:45 PM with 58 comments

  • by __alexander on 3/14/25, 8:51 PM

    Note: Someone commented on the “limited shelf-life” of ransomware and why this doesn’t hurt other victims. They deleted their comment but I’m posting my response.

    You are incorrect. What is limited is the number of attacks that can be used for victims to recover their files. If you think the author is the only person that was using this attack to recover files, you are incorrect again. I’d recommend checking out the book The Ransomware Hunting Team. It’s an interesting book about what happens behind the scenes for helping victims recover their files.

  • by bawolff on 3/14/25, 10:06 PM

    Anyone know why they are using timestamps instead of /dev/random?

    Don't get me wrong, I'm glad they don't, it's just kind of surprising as it seems like such a rookie mistake. Is there something I'm missing here or is it more a case of people who know what they are doing don't choose a life of crime?

  • by Ameo on 3/15/25, 6:45 AM

    This was a great read and had just the right amount of detail to satisfy my curiosity about the process without being annoying to read.

    Huge props to the author for coming up with this whole process and providing such fascinating details.

  • by throwaway48476 on 3/14/25, 10:25 PM

    Ransomware would be less of a problem if applications were sandboxed by default.

  • by 1vuio0pswjnm7 on 3/15/25, 5:02 PM

    "On my mini PC CPU, I estimated a processing speed of 100,000 timestamp to random bytes calculations per second (utilizing all cores)."

    Would like more details on the mini PC. Processor, RAM, price. Is it fanless?

  • by heavensteeth on 3/15/25, 5:22 AM

    What could explain encrypting the first 65k with KCipher2 and the rest with something else? Seems odd.