Developer breaks Akira ransomware encryption in hours using cloud GPUs
www.techspot.com
In context: Akira is a dangerous, multiplatform ransomware threat that has been active since 2023. Sold as a ransomware-as-a-service product to script kiddies and cybercriminals alike, the malware has targeted over 250 organizations and has earned up to $42 million for its unknown developers. Yohanes Nugroho, an Indonesian programmer who works on personal coding projects in his spare time, has developed a decryptor for the Akira ransomware. The tool exploits the high parallelism of modern GPUs to test billions of candidate keys in a short timeframe.

Nugroho documented his journey through Akira's file-encrypting code on his personal website. He became involved with a Linux variant of Akira after a friend asked for help. Upon analyzing the code, Nugroho discovered that the ransomware seeds its key generation with the current time, so the resulting keys are only as unpredictable as the timestamps they were derived from.

The encryption process generates unique keys for each file from four different timestamp seeds with nanosecond precision. These seeds are hashed through 1,500 rounds of SHA-256 to produce the keys. Finally, the keys are encrypted with RSA-4096 and appended to the end of each encrypted file.

The nanosecond precision of the seeds is what makes recovery laborious: every second of uncertainty about when a file was encrypted adds roughly a billion candidate timestamp values to the search. Nugroho's task was made easier by the log files his friend provided. With this data he could narrow down when the ransomware ran and benchmark the search to estimate how long a decryption attempt would take.

Nugroho initially tried running the brute-force search on a GeForce RTX 3060, but the GPU was too slow, processing only 60 million combinations per second. Upgrading to a higher-tier GPU (RTX 3090) didn't significantly improve the speed, so he decided to rent GPU time through the cloud services RunPod and Vast.ai. Using 16 RTX 4090 GPUs in the cloud, Nugroho completed the brute-force recovery in just over 10 hours.

Nugroho notes that the GeForce RTX 4090 is an excellent choice for decrypting files compromised by Akira ransomware, thanks to its high number of CUDA cores and relatively low rental price. The developer has made his code available under an open-source license, encouraging "GPU experts" to explore further optimization opportunities. In its current form, the Akira decryptor achieves around 1.5 billion KCipher2 encryptions per second on a GeForce RTX 3090.
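To make the weakness concrete, here is an added example (not Nugroho's decryptor and not Akira's actual code) that models the flaw the article describes: a per-file key derived by stretching a nanosecond timestamp through 1,500 rounds of SHA-256, which an attacker who knows the approximate encryption time can recover by trying every nanosecond in that window against a known plaintext such as a file's magic bytes. The model is deliberately simplified: it uses a single seed rather than Akira's four, a SHA-256 counter-mode keystream as a stand-in for the real stream ciphers, and no RSA wrapping of the key; the sample file, timestamp and time window are constructed for the demonstration. The `search_space_hours` helper shows the arithmetic the article's benchmark numbers imply.

```python
import hashlib
import struct
from itertools import count

# The article's figure for Akira's key stretching; everything else here is a model.
SHA256_ROUNDS = 1500


def derive_key(seed_ns: int) -> bytes:
    """Hypothetical time-seeded key derivation: a 64-bit nanosecond timestamp
    hashed through 1,500 rounds of SHA-256. Strong-looking output, but the
    only entropy is the timestamp itself."""
    digest = struct.pack("<Q", seed_ns)
    for _ in range(SHA256_ROUNDS):
        digest = hashlib.sha256(digest).digest()
    return digest


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode) used in place of
    KCipher2/ChaCha8. Symmetric: the same call encrypts and decrypts."""
    stream = bytearray()
    for block_no in count():
        if len(stream) >= len(data):
            break
        stream.extend(hashlib.sha256(key + struct.pack("<Q", block_no)).digest())
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_file(plaintext: bytes, seed_ns: int) -> bytes:
    """Encrypt one file with a key derived from the 'current' nanosecond time."""
    return keystream_xor(derive_key(seed_ns), plaintext)


def brute_force_seed(ciphertext: bytes, known_prefix: bytes,
                     window_start_ns: int, window_end_ns: int):
    """Recover the seed by trying every nanosecond in [start, end) and checking
    whether the derived key turns the first bytes of the ciphertext into the
    expected file header (known-plaintext check). Returns None if no seed in
    the window matches, i.e. the time window was chosen too narrowly."""
    n = len(known_prefix)
    header = ciphertext[:n]
    for seed_ns in range(window_start_ns, window_end_ns):
        if keystream_xor(derive_key(seed_ns), header) == known_prefix:
            return seed_ns
    return None


def search_space_hours(window_seconds: float, rate_per_second: float) -> float:
    """Hours needed to exhaust a single nanosecond-precision seed over a time
    window of `window_seconds` at `rate_per_second` key derivations/sec.
    Each second of uncertainty contributes 1e9 candidate seeds."""
    return window_seconds * 1e9 / rate_per_second / 3600


# Constructed demo data: a PDF-like file, a hypothetical encryption instant, and
# a 1,000 ns window that an investigator might narrow down to from log timestamps.
SAMPLE_PLAINTEXT = b"%PDF-1.7\n" + b"constructed document body for the demo"
KNOWN_MAGIC = b"%PDF-1.7\n"
HIDDEN_SEED_NS = 1_700_000_000_123_456_789
WINDOW_START_NS = HIDDEN_SEED_NS - 789
WINDOW_END_NS = HIDDEN_SEED_NS + 211


def demo_recover() -> bytes:
    """Encrypt the sample, recover the seed from the window, and decrypt."""
    ciphertext = encrypt_file(SAMPLE_PLAINTEXT, HIDDEN_SEED_NS)
    seed = brute_force_seed(ciphertext, KNOWN_MAGIC, WINDOW_START_NS, WINDOW_END_NS)
    if seed is None:
        raise RuntimeError("seed not in window; widen the time window")
    return keystream_xor(derive_key(seed), ciphertext)


if __name__ == "__main__":
    print(demo_recover() == SAMPLE_PLAINTEXT)
    # Illustrative arithmetic: a one-hour window at the article's 1.5 billion
    # derivations per second on one RTX 3090, for one seed.
    print(f"{search_space_hours(3600, 1.5e9):.2f} hours")
```

In Python the 1,000-candidate window takes a couple of seconds; on a GPU the same loop is embarrassingly parallel, which is why the article's throughput figures scale almost linearly with card count. The point the example makes is that 1,500 rounds of SHA-256 and an RSA-4096 wrapper do nothing when the input to the hash is a value the attacker can enumerate: the cost of recovery is set by the width of the time window, not by the cipher.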