Cybersecurity firm Bitdefender published a new decryptor on Friday for LockerGoga, a strain of ransomware best known for its 2019 attack on Norwegian aluminum giant Norsk Hydro.
The new decryptor is a joint effort between Bitdefender, Europol, the NoMoreRansom Project, the Zürich Public Prosecutor’s Office and the Zürich Cantonal Police.
LockerGoga is a ransomware variant that changes the password of its victims once it infects their devices. The malware hides in the victim’s device, creating a renamed folder that contains encrypted content.
The ransomware has affected over 1,800 victims in 71 countries. Twelve members of LockerGoga Ransomware were arrested in 2021 in Ukraine and Switzerland in an operation that saw law authorities confiscate $52,000, five vehicles, and other valuable assets.
The security biz has also published a step-by-step guide [PDF] on how to use the decryptor LockerGoga on single PCs and networked computers.
In addition to pushing the decryptor tool, Zürich law enforcement released details about criminal proceedings against a miscreant who they accused of being part of a cybercrime gang that used LockerGoga and MegaCortext ransomware to infect computers used by more than 1,800 people and organizations in 71 countries, causing estimated damages totaling hundreds of millions of dollars.
The alleged perpetrator was arrested by Swiss authorities in October 2021 on suspicion of money laundering and data corruption. His arrest was part of a larger Europol- and European Union Agency for Criminal Justice Cooperation (Eurojust) effort that collared 12 suspected cybercriminals, and involved law enforcement from France, the Netherlands, Norway, Ukraine, the US, and Switzerland.
MegaCortex, which also first appeared in 2019, includes a signed Windows executable as part of the payload and targets corporations, according to earlier published by TrendMicro.