Antivirus company Bitdefender has released a decryption tool for the MegaCortex ransomware family that enables victims to recover their data for free.
Decryptor, jointly developed with Europol, the NoMoreRansom Project, the Zurich Public Prosecutor’s Office and the Zürich Cantonal Police, is a standalone executable file that does not require installation and can automatically locate encrypted files on the system.
There are some criteria that Bitdefender sets on file website (Opens in a new tab)stating that “Victims with data encrypted by versions 2 through 4 require a ransom note (eg “!! READ_ME!!!. TXT”, “! -! README! – !. RTF”, etc.) Decryption of MegaCortex V1 (encrypted files appended with “.aes128ctr” extension) requires a ransom note and a TSV log file (eg “fracxidg.tsv”) created by the ransomware.”
Decoding MegaCortex
MegaCortex was first discovered in May 2019 by Sophos researchers, and although it has been lying somewhat dormant as of late, it has been seen that the ransomware has mainly targeted companies and businesses.
The tool also promises to back up your encrypted files, in case they become so corrupted by the decryption process that they are no longer repairable.
The MegaCortex Decryption Software is the latest addition to the NoMoreRansom initiative, which provides decryption tools to victims of ransomware attacks for free. To date, the project has helped more than 1.5 million victims recover their files without paying cybercriminals money.
Security companies recommend that victims refrain from paying to regain access to their data, for fear that it could lead to further attacks. As always, prevention is the best medicine, and installing relevant protections and applying security updates and patches is still greatly appreciated.