MegaCortex Ransomware Decryptor Released

Researchers have released a decryption tool for the MegaCortex ransomware, a strain that has been used in attacks on a long list of targets and has been deployed around the world.

MegaCortex has been in use since at least January 2019, and some of the actors using it also were known to have deployed the older Dharma and LockerGoga ransomware variants. The MegaCortex ransomware was sometimes associated with infections by the Qakbot and Emotet malware families and was typically used in intrusions on corporate networks.

In October 2021, authorities from the United States, Switzerland, Ukraine, and elsewhere disrupted the operation of the MegaCortex ransomware infrastructure and arrested 12 people in connection with its deployment. That operation also disrupted the usage of Dharma and LockerGoga.

Despite that, MegaCortex infections have not disappeared completely and security researchers at BitDefender have developed a universal decryptor that victims can use to recover encrypted files without paying a ransom. The decryptor was released as part of the cooperative No More Ransom project maintained by Europol, the National High Tech Crime Unit of the Dutch National Police, and a number of security companies.

In September, BitDefender released a similar decryptor for the LockerGoga ransomware. The No More Ransom project maintains a large library of decryptors for other ransomware strains as well.