MegaCortex Ransomware
The MegaCortex ransomware first came to light in January 2019. It included many interesting characteristics, such as utilizing signed executables as a part of the payload, and the malware's developer was additionally offered security consulting services.
The ransomware used both automated and manual components in order to attack as many targeted victims as possible.
Moreover, MegaCortex ransomware may be employing networks that have already been infiltrated in an initial attack using Emotet and Qakbot malware to target businesses rather than individual consumers.
According to The Malware Wiki, MegaCortex used AES encryption to encrypt user files. The only way to regain access to protected data is through a private key, which victims would need to buy from the hackers, according to a readme file that came with infections.
The MegaCortex ransomware attack was capable of information theft, file encryption as well disabling usage capability. According to an estimate by TechCrunch, MegaCortex may have infected as many as 1,800 companies around the globe, including a number of “high profile” targets. Although it has been indicated that the figure is likely to be far higher.
Later, in October 2021, law enforcement detained 12 suspected of being involved in more than 1,800 ransomware assaults in 71 different nations. Police reportedly spent months searching through the data gathered during the arrests, according to TechCrunch. In the end, they discovered individual decryption keys that were utilised to produce and disseminate a program in September of last year to decode files encrypted by the LockerGoga ransomware.
Free Decryptor Built by Bitdefender
The free decryptor is being deployed by Bitdefender and the EU’s initiative ‘No More Ransom’ in cooperation with the Zürich Cantonal Police, the Zürich Public Prosecutor’s Office, and Europol.
The authorities announced in September that 12 culprits have been detained in connection with the Dharma, LockerGoga, and MegaCortex ransomware families.
The arrests at the time, according to a statement from Zürich's prosecutor, enabled investigators to collect numerous private keys used by the ransomware gang, which would allow victims to restore data that had been previously encrypted using the LockerGaga or MegaCortex virus. A decryptor for LockerGoga was made available by BitDefender last year.
The cybersecurity company has recently confirmed that the free MegaCortex decryptor is now being made available. The tool will work to unlock files that were encrypted by MegaCortex ransomware and all its variants. It is available to download from Bitdefender and through No More Ransom’s decryption tools portal, which is, in fact, home to 136 other free tools for 165 ransomware variants such as Babuk, DarkSide, Gandcrab, and REvil.