Victims of the LockerGoga ransomware can now recover their stolen files for free, thanks to a new decryptor released by Romanian cybersecurity firm Bitdefender and the NoMoreRansom Initiative.
The LockerGoga ransomware family, known for its attacks against industrial organizations, first emerged in 2019.The file-encrypting malware was infamously used in an attack against Norsk Hydro in March 2019, forcing the Norwegian aluminum manufacturer to stop production for almost a week at a cost of more than $50 million. It was also used in attacks against Altran Technologies, a French engineering consultancy, and U.S.-based chemical companies Hexion and Momentive.
According to the Zurich Public Prosecutor’s Office, which also participated in the development of the decryptor along with Europol, the operators of LockerGoga were involved in ransomware attacks against more than 1,800 individuals and institutions in 71 countries, causing more than $100 million in damage.
The group behind the LockerGoga ransomware has been inactive since October 2021, when U.S. and European law enforcement agencies arrested 12 alleged members. Following the arrests, police spent months examining the data collected during the raid and discovered the group’s encryption keys to unlock data from LockerGoga ransomware attacks, the Zurich Public Prosecutor’s Office said.
“Decryption of data is normally possible when we either identify a vulnerability in the ransomware code or when individual decryption keys become available,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, told TechCrunch. “This decryptor relies on the keys seized in the 2021 arrests, which have been shared with us privately as per our collaboration with the involved law enforcement authorities.”
Swiss prosecutors said the perpetrators were also behind the MegaCortex ransomware, targeting enterprise organizations in the U.S. and Europe since 2019, and said a decryptor for MegaCortex victims will be released in the coming months.
The LockerGoga decryptor is available to download for free from Bitdefender, as well as NoMoreRansom, which is home to 136 free tools for 165 ransomware variants, including Babuk, DarkSide, Gandcrab and REvil.
The NoMoreRansom initiative has so far helped over 1.5 million people successfully decrypt their devices without having to pay a ransom demand.