A decryptor for the LockerGoga ransomware has been made available by Romanian cybersecurity firm Bitdefender in collaboration with Europol, the No More Ransom project, and Zürich law enforcement authorities.
Identified in January 2019, LockerGoga drew headlines for its attacks against the Norwegian aluminum giant Norsk Hydro. It’s said to have infected more than 1,800 victims in 71 countries, causing an estimated $104 million in damages.
The ransomware operation received a significant blow in October 2021 when 12 people in connection with the group, alongside MegaCortex and Dharma, were apprehended as part of an international law enforcement effort.
The arrests, which took place in Ukraine and Switzerland, also saw the seizure of cash worth $52,000, five luxury vehicles, and a number of electronic devices. One of the accused is currently in pretrial detention in Zurich.
The Zurich Cantonal Police further said it spent the past months examining the data storage devices confiscated from the individual during the 2021 arrests and identified numerous private keys that were used to lock the data.
A decryption utility for MegaCortex is also expected to be published in the coming months. Victimized parties are also recommended to file a criminal complaint in their respective home countries.
“These keys enable the aggrieved companies and institutions to recover the data that was previously encrypted with the malware LockerGoga or MegaCortex,” the agency said.
As recommendations, the police department is urging organizations to securely handle emails, block suspicious email attachments, create regular backups, enforce two-factor authentication, and keep IT systems up-to-date.