SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Bitdefender releases free decryption tool for MegaCortex

Fri, 13th Jan 2023

Bitdefender has released a decryptor for the MegaCortex ransomware family. This decryptor was built in cooperation with Europol, the NoMoreRansom Project, the Zürich Public Prosecutor's Office and the Zürich Cantonal Police.

In October 2021, twelve individuals were arrested in an international law enforcement operation against Dharma, MegaCortex and LockerGoga ransomware. 

Earlier, in September 2022, Bitdefender announced the availability of the decryptor for LockerGoga ransomware. LockerGoga is a ransomware family identified in January 2019 after successful attacks against several companies in the United States of America and Norway. Its operator, who has been detained since October 2021 pending trial, is part of a larger cybercrime ring that used LockerGoga and MegaCortex ransomware to infect more than 1,800 persons and institutions in 71 countries, causing estimated damage of US$104 million.

The indicator of a LockerGoga infection is the presence of files with a '.locked' extension.

"Victims with data encrypted by versions 2 through 4 need the ransom note (e.g. "!!READ_ME!!!.TXT", "!-!README!-!.RTF", etc.) present. MegaCortex V1 decryption (the encrypted files have the ".aes128ctr" extension appended) requires the presence of the ransom note and TSV log file (e.g. "fracxidg.tsv") created by the ransomware," informs Bitdefender.

"If you or your company have been affected by LockerGoga or MegaCortex, you can now use our tool to recover your files for free. We have a step-by-step tutorial on how to operate the decryptor in both single-computer and network modes."
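As an added illustration (not Bitdefender's tool, nor code from this article), the following Python triage script walks a directory for the file-name indicators quoted above and reports whether the decryptor's stated prerequisites appear to be present; the extensions and note names come from the article, while the function names and the sample tree built in demo() are constructed for this example.

```python
import tempfile
from pathlib import Path

# File-name indicators quoted in the article.
LOCKERGOGA_EXT = ".locked"          # LockerGoga-encrypted files
MEGACORTEX_V1_EXT = ".aes128ctr"    # MegaCortex V1-encrypted files
RANSOM_NOTES = {"!!READ_ME!!!.TXT", "!-!README!-!.RTF"}  # MegaCortex ransom notes

def collect_indicators(root):
    """Walk `root` once and count the artefacts the decryptor may need."""
    found = {"locked": 0, "aes128ctr": 0, "ransom_notes": [], "tsv_logs": []}
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        lower = p.name.lower()
        if lower.endswith(LOCKERGOGA_EXT):
            found["locked"] += 1
        elif lower.endswith(MEGACORTEX_V1_EXT):
            found["aes128ctr"] += 1
        elif p.name.upper() in RANSOM_NOTES:
            found["ransom_notes"].append(str(p))
        elif lower.endswith(".tsv"):
            found["tsv_logs"].append(str(p))
    return found

def assess(found):
    """Map the counts onto the prerequisites the article states."""
    notes, tsv = bool(found["ransom_notes"]), bool(found["tsv_logs"])
    if found["aes128ctr"]:
        # MegaCortex V1: ransom note AND the TSV log written by the ransomware.
        missing = [n for n, ok in (("ransom note", notes), ("TSV log", tsv)) if not ok]
        return {"family": "MegaCortex V1", "ready": not missing, "missing": missing}
    if notes:
        # Versions 2-4: the ransom note alone is the stated prerequisite.
        return {"family": "MegaCortex v2-v4", "ready": True, "missing": []}
    if found["locked"]:
        # '.locked' identifies LockerGoga; the article states no prerequisite for it.
        return {"family": "LockerGoga", "ready": None, "missing": []}
    return {"family": "unknown", "ready": False, "missing": ["no indicators"]}

def demo():
    """Constructed sample tree: a MegaCortex V1 host missing its TSV log."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "docs").mkdir()
        (root / "docs" / "budget.xlsx.aes128ctr").write_bytes(b"\x00" * 16)
        (root / "!!READ_ME!!!.TXT").write_text("constructed ransom note")
        return assess(collect_indicators(root))
```

Run demo() before attempting decryption: a result with "missing": ["TSV log"] means the V1 decryptor cannot proceed until that log file is located on the affected host.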

The cybersecurity provider has also released its predictions for the year 2023. 

2022, just like the years before, wasn't a peaceful year for cybersecurity, notes Bitdefender. 

"The ransomware gang Conti threatened to overthrow the government in Costa Rica. Another cybercriminal collective, Lapsus$, perfected the social engineering attack vector and victimized Microsoft, Nvidia, Uber, Globant, and several other large tech companies, leaking sensitive data throughout the year," it says. 

Advanced persistent threat (APT) groups continued to evolve and adapt, developing sophisticated custom-made tools capable of overcoming even the best defences. 

Among the many industries targeted, hackers continued to increase attacks on healthcare providers, affecting millions of patients worldwide. 

"The year culminated in the password manager LastPass disclosing additional details of an earlier breach and confirming that hackers have copied customers' encrypted vaults, while The Guardian, one of the UK's leading newspapers, had to shut down its offices due to a ransomware attack," adds the company. 

In terms of predictions, Bitdefender says, "Attackers will continue to take advantage of the readily available vulnerabilities of the many IoT platforms and devices. Ransomware will continue to plague Microsoft Windows systems in particular. The latest malware worms spread like wildfire, while attackers can leverage Ransomware-as-a-Service (RaaS) kits to easily and cheaply build and deploy multitudes of their own variants. Attackers will continue to deploy malware spreading through links received via text messages, like FluBot."

"In 2023, the market is expected to continue growing, with cyber insurance providers implementing more appropriate system checks and monitoring capabilities. That's why managed detection and response (MDR) services are shaping up as a key tool helping organizations sign up for coverage in the new year."
