When searching files for encryption, Akira is not especially fussy. Public key is hardcoded in the ransomware binary and differs per sample. The symmetric key is encrypted by the RSA-4096 cipher and appended to the end of the encrypted file. Akira Encryption Schemaĭuring the run, the ransomware generates a symmetric encryption key using CryptGenRandom(), which is the random number generator implemented by Windows CryptoAPI. The Linux version is 64-bit and uses the Boost library. In June 2023, a security researcher rivitna published a sample that is compiled for Linux. The binary is linked by Microsoft Linker version 14.35. Additionally, Boost library was used to implement the asynchronous encryption code. It is written in C++ with heavy support from C++ libraries. The Akira ransomware comes as a 64-bit Windows binary written for Windows operating system. Note that this ransomware is not related to the Akira ransomware discovered by Karsten Hahn in 2017 and our decryptor cannot be used to decrypt files from this old variant. Skip to how to use the Akira Ransomware Decryptor The Akira ransomware appeared in March 2023 and since then, the gang claims successful attacks on various organizations in the education, finance and real estate industries, amongst others. Researchers for Avast have developed a decryptor for the Akira ransomware and released it for public download.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |