A decryptor to combat the prolific Akira ransomware, which was used to hack Mercer University, is now available for public download, researchers at Avast have announced.
Akira, first spotted only in March of this year, has been among the most productive ransomware syndicates recently, publicly claiming 28 attacks in May alone. The gang takes its name from a Japanese cyberpunk manga of the same name.
Researchers at Avast say they’ve found an antidote to Akira’s virus, releasing a decryptor to combat the Windows version of the ransomware. They helpfully provided a step-by-step guide explaining exactly how to use it.
However, unlike many of its competitors, Akira also targets Linux-based systems with a strain of malware developed specifically for the operating system. Avast said that they’re working to develop a tool that would allow file decryption on Linux systems, too.
“Our team is currently developing a Linux version of our decryptors. In the meantime, the Windows version of the decryptor can be used to decrypt files encrypted by the Linux version of the ransomware,” researchers said.
Interestingly, researchers noted similarities between Akira and Conti, a now-defunct ransomware gang that dominated the market before LockBit took the throne in 2022. The report says that while not an indication of an overlapping leadership, the similarities indicate that “the malware authors were at least inspired by the leaked Conti sources.”
For example, Akira ignores files and directories with the same extensions as Conti, Akira’s file tail is equal to the file tail appended by Conti, and both gangs use the same stream cipher ChaCha 2008.
Your email address will not be published. Required fields are markedmarked