Devastating Akira ransomware cracked in hours using cloud computing

Akira, one of the most dangerous ransomware strains floating around the internet, just met its match — an Indonesian programmer armed with cloud computing and sheer determination.

As first reported by TechSpot, Yohanes Nugroho successfully cracked Akira, a multiplatform ransomware that has been wreaking havoc since 2023. Used by cyber criminals to target hundreds of businesses, government agencies, and industries, Akira has helped its developers earn millions.

While this isn’t the first time someone has found a way to break Akira’s encryption, what makes this case remarkable is that Nugroho did it alone — and in just over 10 hours. TechSpot has the full breakdown, but here’s the quick version:

Nugroho, a hobbyist programmer, built a decryptor to crack Akira ransomware using GPU power — similar to what fuels high-end gaming graphics. He discovered that Akira’s encryption keys are based on the exact moment of the attack, down to the nanosecond, making each file’s key unique.

To make decryption even harder, the ransomware scrambles these keys through 1,500 rounds of hashing before locking them with RSA-4096 encryption. Normally, this would be nearly impossible to break, but GPUs can run millions of calculations quickly.

Nugroho got a break when a friend provided log files from an attack, helping him estimate the time needed to crack the encryption. His RTX 3060 wasn’t fast enough at 60 million guesses per second, and even an RTX 3090 didn’t cut it. So, he turned to cloud services RunPod and Vast.ai, renting 16 RTX 4090 GPUs — finishing the job in just over 10 hours.

The brute-force tool is available on GitHub, and Nugroho encourages GPU experts to refine and optimize it further.