An international law enforcement effort has released a decryptor for victims of MegaCortex ransomware, widely used by cybercriminals to infect large corporations across 71 countries to the tune of more than $100 million in damages.
The decryptor, built by Europol, cybersecurity firm Bitdefender, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office and the Zürich Cantonal Police, allows victims to recover files for free.
Bitdefender also published a tutorial on how to use the tool in both single-computer and network modes. The security shop noted:
The MegaCortex decryptor follows the release of a similar tool, this one to help recover files encrypted by LockerGoga ransomware, developed by the same coalition of law enforcement and infosec groups.
Cybercriminals using both types of malware infected more than 1,800 victims, costing them over $100 million, according to Europol. “These cyber actors are known for specifically targeting large corporations, effectively bringing their business to a standstill,” the European cops said.
In October 2021, law enforcement agencies in Ukraine and Switzerland arrested 12 individuals believed to be part of a crime ring responsible for these cyberattacks. At the time, the Europol-led effort also seized more than $52,000 in cash, five “luxury” vehicles and several electronic devices.
The suspects all played different roles in the organized crime operation, according to the cops. Some specialized in gaining initial access, while others were responsible for lateral movement, deploying malware such as Trickbot, or post-exploitation frameworks like Cobalt Strike or PowerShell Empire, to