Victims of MegaCortex ransomware attacks can now decrypt their files without giving into the ransom demands of cyber criminals, thanks to a free decryption tool that's been released following collaboration between cybersecurity researchers and police.
The MegaCortex ransomware decryptor was built by cybersecurity analysts at Bitdefender in cooperation with Europol, the No More Ransom Project, the Zürich Public Prosecutor's Office, and the Zürich Cantonal Police.
"MegaCortex is operated by a complex team: some of the team members specialize in identifying and exploiting known vulnerabilities in exposed infrastructure, or in leveraging a pre-existing infection on the network, such as Emotet or Qakbot," Bogdan Botezatu, director of threat research and reporting at Bitdefender, told ZDNET.
"In some circumstances, stolen credentials have been used to compromise the domain controller and then use other manual or automated components to deploy the MegaCortex payloads across the organization," he added.
Researchers say that, while MegaCortex is seemingly no longer active, there are victims of the ransomware who opted not to pay the ransom and whose files have remained encrypted since the attack. Now, they're able to retrieve them.
"The tool is already being used to successfully recover data and we are optimistic that more and more victims will be able to decrypt their ransomed data in the next few weeks," said Botezatu.
The MegaCortex decryptor is the latest ransomware decryption tool to be added to No More Ransom, an initiative by cybersecurity companies, law enforcement and academia to provide decryption tools for ransomware victims for free. The project has helped over 1.5 million victims of ransomware attacks retrieve their files without paying cyber criminals.
The best strategy for avoiding disruption due to ransomware is to avoid falling victim in the first place. Steps organizations can take to avoid this fate include applying security patches and updates soon after they're released, so cyber criminals can't exploit known vulnerabilities to access networks.