Data Security

Free decryptor for MegaCortex ransomware released

Bitdefender, a company that specializes in antivirus software, has now launched a decryptor for the MegaCortex ransomware, which will enable anybody whose data has been encrypted by the malware to get it back for free.

When security researchers at Sophos discovered the MegaCortex ransomware in May 2019, it was the first time that it has been seen in the wild as a potential threat.


The specialists observed that other forms of malware, such as Emotet and Qbot (also known as Qakbot), were present on the same network when MegaCortex attacks were carried out.

After police searches in Switzerland, Bitdefender has released a decryptor for the MegaCortex ransomware.
A decryptor for the ransomware known as MegaCortex has been made available by the cybersecurity firm Bitdefender. This malware was used in assaults all around the world until police raids halted its activities.


The decryptor was created in collaboration with the Swiss police and European law enforcement organizations, who in October 2021 conducted raids against the accused cybercriminals who were responsible for the Dharma, MegaCortex, and LockerGoga ransomware strains.

At the time, Europol said that the organization was responsible for 1,800 infections spread over 71 countries. These infections were caused by all three variants of ransomware. They were suspected by law enforcement authorities in Europe of being the ones who started the assault on the Norwegian aluminum firm Norsk Hydro in 2019.

Since the raids, Bitdefender has collaborated with Europol, the NoMoreRansom Project, the Public Prosecutor’s Office in Zürich, and the Zürich Cantonal Police to develop decryptors for each kind of ransomware. They plan to release a decryptor for LockerGoga in the year 2022. They created the universal decryptors by using the master decryption keys that were discovered during the raids. Despite this, they strongly encouraged anyone who were impacted by the ransomware to register criminal charges if they had not already done so.

Since the month of November 2019, operators of the MegaCortex have begun using a twofold extortion strategy. In order to get a decryptor, the organization often demanded ransom payments ranging from $20,000 to $5.8 million.

The Federal Bureau of Investigation (FBI) issued a warning to private enterprise in December 2019 on the possibility of cyber attacks employing the LockerGoga and MegaCortex Ransomware.
The decryptor was built by researchers from Bitdefender with the assistance of researchers from the NoMoreRansom Project, the Public Prosecutor’s Office and Cantonal Police of Zürich, and Europol.
This application comes in the form of an executable file that may be obtained from the Bitdefender servers.

The decryptor also offers a mode known as “Scan Entire System,” which enables users to look for encrypted files throughout the entire system.

The “Backup files” option is highly recommended for users to keep enabled, as stated in the user guide that was recently distributed by the security company.

Users who have the backup option checked will be able to see files in both their encrypted and decrypted states.


To Top

Pin It on Pinterest

Share This