Ransomware decryption tool: MegaCortex victims can now unlock their files for free
Victims of MegaCortex ransomware attacks can now decrypt their files without meeting cybercriminals’ ransom demands, thanks to a free decryption tool released by cybersecurity researchers in partnership with the police.
The MegaCortex ransomware decryptor was built by cybersecurity analysts at Bitdefender in collaboration with Europol, the No More Ransom Project, the Zurich Public Prosecutor’s Office, and the Zurich Cantonal Police.
The decryption tool should work with all variants of the MegaCortex ransomware and is available for download from Bitdefender and through the No More Ransom decryption tool portal.
MegaCortex ransomware has plagued organizations around the world for years, with cybercriminals infiltrating computer networks and exploiting that access to install and trigger file-encrypting malware, then demanding a ransom for the decryption key. The ransom demands are often in the millions of dollars, payable in bitcoin.
Several MegaCortex ransomware attacks have reportedly hit critical infrastructure and other high-profile targets. Attackers have used a variety of methods to gain network access, including buying access to systems compromised by Trojan malware and stealing usernames and passwords.
“MegaCortex is run by a sophisticated team — some team members specialize in identifying and exploiting known vulnerabilities in exposed infrastructure, or exploiting pre-existing infections on the network — such as Emotet or Qakbot,” Bogdan Botezatu, Director of Threat Research and Reporting at Bitdefender, told ZDNET.
“In some cases, stolen credentials have been used to compromise domain controllers and then deploy MegaCortex payloads across organizations using other manual or automated components,” he added.
While MegaCortex appears to be no longer active, some victims of the ransomware chose not to pay the ransom, leaving their files encrypted since the attack, the researchers said. Now, they are able to retrieve them.
“The tool has been used to successfully recover data, and we are optimistic that more and more victims will be able to decrypt their ransomed data in the coming weeks,” Botezatu said.
MegaCortex Decryptor is the latest ransomware decryption tool to be added to No More Ransom, an initiative by cybersecurity companies, law enforcement, and academia to make decryption tools free for victims of ransomware. The project has helped more than 1.5 million victims of ransomware attacks retrieve their files without paying cybercriminals.
While law enforcement agencies recommend that victims of ransomware attacks never pay the ransom, as it will only encourage further ransomware attacks, many victims will choose to pay the ransom, seeing it as the easiest way to restore their network. But even then, there’s no guarantee that the decryption tool will work, or that ransomware attackers won’t come back for more money.
The best strategy for avoiding damage from ransomware is to avoid becoming a victim in the first place. Steps organizations can take to avoid this fate include applying security patches and updates as soon as they are released so cybercriminals cannot exploit known vulnerabilities to gain access to the network.
Organizations should also ensure that user accounts are protected by multi-factor authentication, so if cybercriminals do succeed in stealing usernames and passwords, it will be difficult for them to gain remote access to the system without an additional layer of authentication.