Victims of MegaCortex ransomware attacks can now decrypt their files without giving into the ransom demands of cyber criminals, thanks to a free decryption tool that’s been released following collaboration between cybersecurity researchers and police.
The MegaCortex ransomware decryptor was built by cybersecurity analysts at Bitdefender in cooperation with Europol, the No More Ransom Project, the Zürich Public Prosecutor’s Office, and the Zürich Cantonal Police.
The decryption tool, which should work with all variants of MegaCortex ransomware, is available to download from Bitdefender and via No More Ransom’s decryption tools portal.
MegaCortex ransomware has plagued organizations across the world for several years, with cyber criminals infiltrating computer networks, gaining access privileges, using that opening to install and trigger file-encrypting malware attacks, and then demanding a ransom payment for the decryption key. The ransom demands have often amounted to millions of dollars — requested in Bitcoin.
Also: Ransomware: Why it’s still a big threat, and where the gangs are going next
Some of the MegaCortex ransomware attacks have reportedly hit critical infrastructure and other high-profile targets — with attackers using a variety of methods to gain access to networks, including buying access to systems compromised with trojan malware, or stealing usernames and passwords.
“MegaCortex is operated by a complex team — some of the team members specialize in identifying and exploiting known vulnerabilities in exposed infrastructure, or by leveraging a pre-existing infection on the network — such as Emotet or Qakbot,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNET.
“In some circumstances, stolen credentials have been used to compromise the domain controller and then use other manual or automated components to deploy the MegaCortex payloads across the organization,” he added.
Researchers say that, while MegaCortex is seemingly no longer active, there are victims of the ransomware who opted not to pay the ransom, resulting in files being encrypted since the attack. Now, they’re able to retrieve them.
“The tool is already being used to successfully recover data and we are optimistic that more and more victims will be able to decrypt their ransomed data in the next few weeks,” said Botezatu.
Also: Cybersecurity in space: The out of-this-world challenges ahead
The MegaCortex decryptor is the latest ransomware decryption tool to be added to No More Ransom, an initiative by cybersecurity companies, law enforcement and academia to provide decryption tools for ransomware victims for free. The project has helped over 1.5 million victims of ransomware attacks retrieve their files without paying cyber criminals.
While law enforcement agencies recommend victims of ransomware attacks never pay the ransom, because it only encourages further ransomware attacks, many victims will opt to pay, viewing it as the easiest way to restore their networks. But even then, there’s no guarantee the decryption tool will work properly, or that the ransomware attackers won’t come back again and demand more money.
The best strategy for avoiding disruption due to ransomware is to avoid falling victim in the first place. Steps organizations can take to avoid this fate include applying security patches and updates soon after they’re released, so cyber criminals can’t exploit known vulnerabilities to access networks.
Organizations should also ensure user accounts are secured with multi-factor authentication, so if cyber criminals do successfully steal usernames and passwords, they’ll struggle to remotely access systems without the additional layer of authentication.
MORE ON CYBERSECURITY