Victims of MegaCortex can now decrypt their files for free


That makes two. After the publication of a first LockerGoga ransomware decryptor in September 2022, Bitdefender has just unveiled a second decryption tool, this time targeting MegaCortex ransomware. It was designed by analysts from the cybersecurity firm in collaboration with Europol, the No More Ransom project, the Zurich Public Prosecutor’s Office and the Zurich Cantonal Police.

This decryption tool, which is supposed to work with all variants of MegaCortex ransomware, can be downloaded from the Bitdefender site, or via the No More Ransom decryption tool portal. “The tool is already being used to successfully recover data and we are optimistic that more and more victims will be able to decrypt their ransom data in the coming weeks,” Bogdan Botezatu, director of research at Bitdefender, told ZDNet.

Judicial dragnet

The publication of this tool was expected. In September 2022, the public prosecutor’s office and the cantonal police of Zurich announced that they had recovered numerous private keys linked to ransomware attacks via LockerGoga and MegaCortex.

The seizure followed an international crackdown, a year earlier, against 13 computer hackers arrested in Switzerland and Ukraine, made possible in particular by French judicial investigations.

Some of MegaCortex’s attacks hit critical infrastructure and other high-profile targets, with attackers getting in by means such as buying access to Trojan-compromised systems or stealing usernames and passwords. “MegaCortex was operated by a complex team, some of which specialized in identifying and exploiting known vulnerabilities in exposed infrastructure, or exploiting a pre-existing infection on the network, such as Emotet or Qakbot,” adds the director of research.

Latest decryptor released

It is the latest decryption tool in the catalogue of No More Ransom, an initiative by cybersecurity companies, law enforcement and academia to provide tools to ransomware victims for free. The project has helped over 1.5 million victims of ransomware attacks recover their files without paying cybercriminals.

Although paying the ransom is never recommended, since it only encourages further attacks, many victims choose to give in. They consider this to be the easiest way to restore their networks. Still, there is no guarantee that the decryption tool will work properly after paying a ransom. Similarly, victims are not immune to new extortion attempts.

So, to avoid this kind of dilemma, it is even better not to fall victim to ransomware. To protect against these attacks, there is a range of precautionary measures to take, including applying patches and security updates immediately after they are released, as well as using multi-factor authentication for all company accounts.

Source: ZDNet.com




