Case Study: How we decrypted the data of Italian Company from Akira Ransomware

A few days ago, an Italian company experienced an infection by the latest variant of Akira ransomware, resulting in the encryption of all critical data. The company reached out to us via WhatsApp, providing detailed information about the attack. Our specialized team requested the ransom note and several files for evaluation. Upon receiving the files from the company’s IT representative, we analyzed them on our server and successfully decrypted them.

Subsequently, we determined a decryption fee of $10,000 for the complete recovery of 10 TB of data. The company took two days to process the payment via Bitcoins. Once the payment was confirmed, we provided two decryption tools—one for Windows servers and one for ESXi servers—along with a usage guide, which were sent via email.

The IT representative used the provided decryption tools, achieving a successful recovery of all data. The entire decryption process took approximately six hours. After completion, we requested permission to share proof of the communication on our website for review. The representative agreed to display only the final message regarding the decryption. This proof is attached at the end of this post.