Antivirus company Bitdefender has released a decryptor for the MegaCortex ransomware family that enables victims to restore their data for free.
The decryptor, developed in conjunction with Europol, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office, and the Zürich Cantonal Police, is a standalone executable that does not need to be installed and can locate encrypted files on a system automatically.
There are a few criteria that Bitdefender sets out on its website, noting, “Victims with data encrypted by versions 2 through 4 need the ransom note (e.g. ‘!!READ_ME!!!.TXT’, ‘!-!README!-!.RTF’, etc.) present. MegaCortex V1 decryption (the encrypted files have the ‘.aes128ctr’ extension appended) requires the presence of the ransom note and TSV log file (e.g. ‘fracxidg.tsv’) created by the ransomware.”
MegaCortex was first uncovered in May 2019 by Sophos researchers. It has remained fairly dormant in recent times, and it has primarily targeted corporations and businesses.
The tool also promises to back up encrypted files, in case the decryption process corrupts them to the point that they are no longer salvageable.
The MegaCortex decryptor is the latest addition to the NoMoreRansom initiative, which provides decryption tools to victims of ransomware attacks for free. To date, the project has helped over 1.5 million victims retrieve their files without paying cyber criminals.
Security companies recommend that victims refrain from paying to regain access to their data, fearing that this could spur on further attacks. As ever, prevention is the best medicine: installing relevant protection and applying security updates and patches remain highly recommended.