Akira Ransomware Decryptor Released to the Public

Researchers at Avast have announced that a decryptor to combat the Akira ransomware, which was used to hack Mercer University, is now available for public download.

Akira is a ransomware gang that was first spotted in March 2023 and has, surprisingly, been one of the most active ransomware gangs this year, publicly claiming 28 attacks in May alone. The group’s name originates from a Japanese cyberpunk manga of the same name.

According to Cybernews, researchers at Avast have found a so-called antidote to Akira’s virus: they released a decryptor to combat the Windows version of the ransomware, along with a step-by-step guide explaining exactly how to use it.

Unlike many of its competitors, however, Akira also targets Linux-based systems with a strain of malware developed specifically for the operating system. According to Avast, its researchers are currently working to develop a tool that would also allow file decryption on Linux systems.

Researchers said: “Our team is currently developing a Linux version of our decryptors. In the meantime, the Windows version of the decryptor can be used to decrypt files encrypted by the Linux version of the ransomware.”

Curiously enough, the researchers noted several similarities between Akira and Conti, a ransomware gang that is no longer active but dominated the market before LockBit took the throne in 2022. The report says that although this is not an indication of overlapping leadership, the similarities do indicate that “the malware authors were at least inspired by the leaked Conti sources.”

For example, Akira ignores files and directories with the same extensions as Conti, Akira’s file tail is equal to the file tail appended by Conti, and both gangs use the same stream cipher, ChaCha 2008.

This information was provided by Cybernews.