Small note for people who have fallen victim to LockerGoga ransomware. Bitdefender has informed me that the company has released a universal decryptor. This allows victims of all previous LockerGoga ransomware attacks to recover their encrypted files. Europol, the NoMoreRansom Initiative, the Zurich Public Prosecutor's Office and the Zurich Cantonal Police participated in the development of the decryptor, which is freely available for download.
The LockerGoga ransomware
The LockerGoga ransomware family first appeared in 2019. The ransomware became known through successful attacks on Norsk Hydro in Norway as well as attacks in the United States. The criminal operators, who were also behind the MegaCortex ransomware, infected more than 1,800 individuals and organizations in 71 countries. The attacks caused an estimated $104 million in damage. One member of the LockerGoga operators has been imprisoned since October 2021.
The Bitdefender decryptor
Bitdefender received a key from law enforcement that was used to create the decryptor, but was not involved in the investigation underlying it. Users can easily recognize data encrypted by LockerGoga by the .locked extension. Bitdefender's decryptor works on PC systems in the corporate network as well as on local individual computers. The decryptor download and a tutorial can be found on this website.
Tips against Ransomware
Ransomware is a permanent risk for companies and organizations of all sizes and in all industries. IT security managers and all employees should follow the advice below:
- Usually, ransomware attacks start with phishing emails and social engineering. Therefore, organizations should regularly educate their employees about the dangers behind clicking on links and opening files from unknown sources.
- Ensure security platforms such as Endpoint Detection & Response (EDR) and Extended Detection & Response (XDR) are updated with the latest Indicators of Compromise (IOCs) for LockerGoga and other known threats.
- One thing to consider is the use of a Managed Detection and Response (MDR) service. Its experts increase the efficiency of internal IT security departments in active threat hunting.
Bitdefender operates one of the industry's most comprehensive ransomware decryption programs and has helped save victims from paying an estimated $1 billion in extortion money. To date, the company has deployed 21 decryption tools, including decryptors against Gandcrab and a general-purpose decryptor against REvil ransomware.