The combined work of Bitdefender analysts and experts from Europol, the NoMoreRansom Project, and the Zürich Public Prosecutor’s Office and Cantonal Police has allowed the company to release a decryptor for the MegaCortex ransomware. The decryptor is a stand-alone executable that requires no installation and, once run, automatically finds encrypted files on the system. It also backs up all files in case something goes wrong during decryption that could corrupt them beyond recovery. The decryptor can be downloaded from Bitdefender for free and includes a user manual with instructions.
MegaCortex was first discovered in 2019 and was observed targeting corporate networks in attacks that included ransom demands adjusted to the companies that were attacked and the amount of data stolen. In October 2021, officials arrested 12 individuals related to thousands of MegaCortex and LockerGoga ransomware attacks. Along with the arrests, authorities discovered the private keys used in attacks, which led to Bitdefender releasing the decryptor for the LockerGoga ransomware. Bitdefender did not disclose how it obtained the private keys for the MegaCortex ransomware, but it is likely they were found among the LockerGoga keys authorities found with the arrested individuals.
Organizations that are infected with MegaCortex ransomware should investigate using the Bitdefender decryptor to regain access to encrypted files. Trusted incident response organizations can also assist with file decryption.