Good news for businesses hit by the Akira ransomware.
Developed by security researchers at antivirus company Avast free decryption tool It targets files that have been encrypted since the Akira ransomware first appeared in March 2023.
This ransomware has been blamed for many high-profile attacks, including attacks on universities, financial institutions, and even childcare centers.
Organizations hit by Akira ransomware quickly realize they have a problem. Many of the data files have been renamed to add an extension. .akira
its contents have been garbled by encryption algorithm and each folder has a ransom note left by cyber criminals.
Part of the extortion request looks like this:
2. Pay us to save you time, money and effort and get you back on track in about 24 hours. Our decryption program works well on any file or system, so you can be sure by requesting our test decryption service from the beginning of the conversation. If you choose to recover on your own, keep in mind that some files may become permanently inaccessible or accidentally corrupted. In this case, please understand that we cannot support it.
If your company follows best practices with regards to backups, those backups are easily accessible, and haven’t been compromised, recovering garbled files isn’t the hardest thing in the world.
But, of course, as we all know, it’s still often the case that you don’t have a proper backup system in place, or you haven’t properly tested it to work properly in case you need emergency recovery of your data. I have.
That’s where tools like Avast’s new free Akira decryptor can help.
To crack ransomware passwords, Avast’s tool asks for Akira-encrypted sample files and copies of data files from before the ransomware attack.
The tool emphasizes that it is “extremely important” to choose pairs of files that are as large as possible and exactly the same size. Although the password-cracking process “typically takes only a few seconds,” researchers warn that the process requires a lot of memory and recommends using the 64-bit version of the decryption tool. are doing.
Currently, Avast’s tool only works on Windows, but the company says it is working on a specific version that will work on Linux as well. In the meantime, his Windows version of Avast’s decryption tool can be used to unlock files encrypted by his Linux version of the Akira ransomware, just like the Windows version.
Avast researchers did not provide details on how they found a way to decrypt files garbled by Akira ransomware, but with good reason. Perhaps the gang behind the Akira attack is diligently trying to identify where the code is weak and is working on a new version of the Akira ransomware that won’t be so easily unfixable.
Unfortunately, even if you can recover your data after the Akira ransomware attack, it doesn’t always solve your headaches. The cybercriminals behind the security breach Stolen They sell your data on the dark web and threaten to publish it on leak sites, making it even more difficult for your company, its partners and customers.
A ransomware decryption tool is definitely a great tool to have in your pocket. But it would be even better to stop a successful ransomware attack in the first place.
Follow our advice, including the following recommendations to protect your organization from ransomware attacks.
- Create secure offsite backups.
- Run the latest security solutions and make sure your computer is protected against vulnerabilities with the latest security patches.
- Limit the ability of attackers to spread laterally throughout your organization through network segmentation.
- Protect sensitive data and accounts with unique, hard-to-crack passwords and enable multi-factor authentication.
- Encrypt sensitive data whenever possible.
- Reduce your attack surface by disabling features your company doesn’t need.
- Educate and inform staff on the risks and techniques cybercriminals use to launch attacks and steal data.
Editor’s Note: The opinions expressed in this guest author article are those of the contributor only and do not necessarily reflect those of Tripwire.