Europol and Bitdefender Release Free Decryptor for LockerGoga Ransomware

A decryptor for the LockerGoga ransomware has been made available^[1]
by Romanian cybersecurity firm Bitdefender in collaboration with
Europol, the No More Ransom project, and Zürich law enforcement
authorities.

Identified in January 2019, LockerGoga drew headlines for its
attacks against the Norwegian aluminum giant Norsk Hydro^[2]. It’s said to have
infected more than 1,800 victims in 71 countries, causing an
estimated $104 million in damages.

The ransomware operation received a significant blow in October
2021 when 12 people in connection with the group, alongside
MegaCortex and Dharma, were apprehended as part of an international law enforcement
effort^[3].

The arrests, which took place in Ukraine and Switzerland, also
saw the seizure of cash worth $52,000, five luxury vehicles, and a
number of electronic devices. One of the accused is currently in
pretrial detention in Zurich.

The Zurich Cantonal Police further said it spent the past months
examining the data storage devices confiscated from the individual
during the 2021 arrests and identified numerous private keys that
were used to lock the data.

Decryption for MegaCortex is also expected to be published in
the coming months. Victimized parties are also recommended to file
a criminal complaint in their respective home countries.

“These keys enable the aggrieved companies and institutions to
recover the data that was previously encrypted with the malware
LockerGoga or MegaCortex,” the agency said^[4].

As recommendations, the police department is urging
organizations to securely handle emails, block suspicious email
attachments, create regular backups, enforce two-factor
authentication, and keep IT systems up-to-date.