Bitdefender, in cooperation with Europol, the Zürich authorities, and the NoMoreRansomware Project, has released a free ransomware decryptor to help the victims of the MegaCortex cybercriminal group get their stolen data back. This comes after a lengthy investigation into the organization by Europol that resulted in the arrest of 12 individuals responsible.
The tool is a free standalone executable that requires no installation. It’s simple to use and offers advanced settings to help users replace damaged files with clean ones if they’re having mixed results with the decryptor. Since it’s free, anyone who was a victim of MegaCortex can quickly recover their stolen data.
Since its discovery in July 2019, the MegaCortex ransomware has been responsible for over 1,800 infections across 71 countries. By November, the group behind it was using double-extortion methods to rob companies and individuals, threatening to publish their data unless they paid in Bitcoin. By the end of November 2019, the Dutch National Cyber Security Centre considered MegaCortex one of the most active underground ransomware operations.
Investigations began in September 2019, with the cooperation of Europol and Eurojust through a joint investigation team (JIT). The JIT worked in coordination with both Dutch and US investigators and had previously released tips on avoiding infection by the MegaCortex ransomware.
The criminal organization was highly structured; the 12 individuals arrested each worked on different parts of the ransomware attacks — some studied data, others performed extortion, some dealt with the penetration efforts, and so on.
“This analysis revealed numerous private keys from ransomware attacks,” a Zurich prosecutor said in a release. “These keys enable damaged companies and institutions to restore data previously encrypted with the ‘LockerGoga’ or ‘MegaCortex’ malware.”
Following this discovery, Bitdefender and the NoMoreRansomware Project worked with authorities to create a decryption key for victims of the LockerGoga ransomware before swiftly releasing the MegaCortex decrypter to the public.