Bitdefender releases free decryption tool for MegaCortex

Bitdefender has released a decryption tool for the MegaCortex ransomware family. The decryptor was built in collaboration with Europol, the NoMoreRansom Project, the Zurich Public Prosecutor’s Office and the Zurich Cantonal Police.

In October 2021, twelve people were arrested in an international law enforcement operation against Dharma, MegaCortex, and LockerGoga ransomware.

Earlier, in September 2022, Bitdefender announced the availability of a LockerGoga ransomware decryption tool. LockerGoga is a family of ransomware identified in January 2019 after successful attacks against several companies in the USA and Norway. Its operator, who has been in custody since October 2021 pending trial, is part of a larger cybercrime ring that has used LockerGoga and MegaCortex ransomware to infect more than 1,800 people and organizations in 71 countries, causing an estimated $104 million in damages.

An indicator of a LockerGoga infection is the presence of files with a “locked” extension.

“Victims who have data encrypted by versions 2 through 4 require a ransom note (e.g. “!!READ_ME!!!.TXT”, “!-!README!-!.RTF”, etc.) to be present. Decrypting MegaCortex V1 (encrypted files appended with the “.aes128ctr” extension) requires the ransom note and the TSV log file (e.g. “fracxidg.tsv”) created by the ransomware,” Bitdefender says.

“If you or your company has been affected by LockerGoga or MegaCortex, you can now use our tool to recover your files for free. We have a step-by-step tutorial on how to run the decryption software in both single-computer and network modes.”

The cyber security provider also released its outlook for 2023.

2022, just like previous years, has not been a peaceful year for cybersecurity, Bitdefender points out.

“The Conti ransomware gang has threatened to overthrow the government in Costa Rica. Another group of cybercriminals, Lapsus$, has mastered social engineering as an attack vector and has claimed Microsoft, Nvidia, Uber, Globant and many other big tech companies as victims, leaking sensitive data over the course of the year.”

Advanced Persistent Threat (APT) groups have continued to evolve and adapt, developing sophisticated, bespoke tools capable of defeating even the best of defenses.

Among the many industries targeted, hackers have continued to increase attacks on healthcare providers, affecting millions of patients worldwide.

“The year capped off with password manager LastPass revealing additional details of an earlier breach and confirming that hackers had copied customers’ encrypted safes, while The Guardian, one of the UK’s leading newspapers, was forced to close its offices due to a ransomware attack,” the company adds.

On the predictions, Bitdefender says, “Attackers will continue to take advantage of vulnerabilities readily available to many IoT platforms and devices. Ransomware will continue to infect Microsoft Windows systems in particular. The latest malware worms spread like wildfire, while attackers can take advantage of Ransomware-as-a-Service (RaaS) groups to build and deploy many of their own variants easily and cheaply. Attackers will continue to spread malware via links received via text messages, such as FluBot.”

“In 2023, the market is expected to continue to grow, as electronic insurance providers implement more system checks and appropriate monitoring capabilities. For this reason, managed detection and response (MDR) services are shaping up as a key tool to help organizations sign up for coverage in the new year.”