New Bitdefender decryptor for MegaCortex ransomware (Jan. 2023)

Victims of the MegaCortex ransomware family can now hope to recover their encrypted files: a universal decryptor co-developed by Bitdefender is now available for files encrypted by this family. With this free tool, victims can make encrypted data from all MegaCortex versions available again. The decryptor is a joint development of Bitdefender, Europol, the NoMoreRansom project, and the public prosecutor's office and cantonal police in Zurich.


As of January 5, 2023, Bitdefender has published information about the release of the universal decryptor co-developed by its security researchers.

Use of the decryptor

The free Universal Decryptor, co-developed by Bitdefender, allows affected individuals to make encrypted data from all MegaCortex versions available again. The decryptor, which is available for Windows, can be downloaded here.

  • To decrypt data encrypted by MegaCortex versions 2 to 4, the ransom note left by the ransomware must be present on the system ("!!_READ_ME_!!.TXT", "!-!_README_!-!.RTF").
  • In the case of MegaCortex V1 attacks, both the ransom note and the TSV log file created by the ransomware (e.g. "fracxid.tsv") must be present on the system.
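
A pre-flight check for the two prerequisites above, as an added example that is not Bitdefender's code or part of the original post: it walks the given directories and reports whether the ransom note (and, for V1, a TSV log) is still present. The function names and the choice to treat any `.tsv` file as a candidate V1 log are assumptions.

```python
import os
import tempfile

# Ransom note names quoted in the article (compared case-insensitively).
NOTE_NAMES = {"!!_read_me_!!.txt", "!-!_readme_!-!.rtf"}


def check_prerequisites(roots):
    """Walk each root and collect the artefacts the decryptor needs."""
    notes, tsv_logs = [], []
    for root in roots:
        # Unreadable directories are skipped instead of aborting the scan.
        for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
            for name in files:
                lower = name.lower()
                path = os.path.join(dirpath, name)
                if lower in NOTE_NAMES:
                    notes.append(path)
                elif lower.endswith(".tsv"):
                    # Assumption: any .tsv is only a candidate V1 log; the
                    # article gives one example name, not a naming rule.
                    tsv_logs.append(path)
    return {
        "notes": sorted(notes),
        "tsv_candidates": sorted(tsv_logs),
        "v2_to_v4_ready": bool(notes),
        "v1_ready": bool(notes) and bool(tsv_logs),
    }


def demo():
    """Constructed sample trees standing in for two affected hosts."""
    with tempfile.TemporaryDirectory() as tmp:
        host_a = os.path.join(tmp, "host_a", "Users", "Public")
        host_b = os.path.join(tmp, "host_b")
        os.makedirs(host_a)
        os.makedirs(host_b)
        open(os.path.join(host_a, "!!_READ_ME_!!.txt"), "w").close()
        open(os.path.join(host_b, "fracxid.tsv"), "w").close()
        a = check_prerequisites([os.path.join(tmp, "host_a")])
        b = check_prerequisites([os.path.join(tmp, "host_b")])
        return a, b


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A host where cleanup already removed the ransom note shows up as not ready, so the note can be restored from a backup or forensic image before the decryptor is run.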

By clicking the Backup option, (encrypted) files are backed up so that a new attempt can be made in case of problems. With this option, the user sees both the files that have not yet been decrypted and those that have been decrypted, and can conveniently delete the former later. In addition, a log entry is created for the decryptions.

Files that were only partially recovered during previous attempts are – if the appropriate settings are made – replaced by new, cleaned files that are then successfully decrypted.

The tool also works in "silent mode" in the background and can then be controlled via the command line to make files available again across a large network. Users can also enter paths where encrypted files are located.


Some background

In October 2021, Europol reported the arrest of twelve people as a result of an international operation against actors who had used Dharma, MegaCortex and LockerGoga ransomware. The attacks allegedly affected over 1,800 victims in 71 countries. The damage caused was estimated at over $100 million.

Bitdefender is trying to save many companies from paying ransoms by continuously developing the most comprehensive ransomware decryption program. According to its own estimates, Bitdefender decryption tools have so far saved victims amounts totaling around $1 billion. These include, for example, the decryption tool for victims of GandCrab attacks and the universal decryptor against the REvil ransomware. Last year, Bitdefender, together with the international and Swiss partners involved here, also developed a universal decryptor for LockerGoga.
