{
	"id": "49421d84-0a97-4bc9-a346-62e7009ed39d",
	"created_at": "2026-04-06T00:18:46.697064Z",
	"updated_at": "2026-04-10T03:21:00.241331Z",
	"deleted_at": null,
	"sha1_hash": "0304eefa3787e35dc3a1f5717e2040f3271afff4",
	"title": "Bitdefender releases free decryptor for LockerGoga ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3228140,
	"plain_text": "Bitdefender releases free decryptor for LockerGoga ransomware\r\nBy Bill Toulas\r\nPublished: 2022-09-16 · Archived: 2026-04-05 17:23:32 UTC\r\nRomanian cybersecurity firm Bitdefender has released a free decryptor to help LockerGoga ransomware victims recover\r\ntheir files without paying a ransom.\r\nThe free tool is available for download from Bitdefender's servers and allows you to recover encrypted files using\r\ninstructions in this usage guide [PDF].\r\nBitdefender says the decryptor was developed in cooperation with law enforcement agencies, including Europol, the\r\nNoMoreRansom Project, the Zürich Public Prosecutor's Office, and the Zürich Cantonal Police.\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nFor a working decryptor to be created, researchers usually need to identify a flaw in the cryptography used by the\r\nransomware encryptor.\r\nHowever, in this case, the LockerGoga operators were arrested in October 2021, which may have allowed law enforcement\r\nto access the master private keys used to decrypt victims' encryption keys.\r\nHow to decrypt your files\r\nFiles encrypted by LockerGoga will have the \".locked\" filename extension and cannot be opened with regular software.\r\nBitdefender's tool offers to scan your entire filesystem or a single folder, locate any encrypted files, and perform the\r\ndecryption automatically.\r\nBitdefender's LockerGoga decryptor\r\nFor this to work, the computer needs to be connected to the internet, and the ransom notes generated by the ransomware\r\nduring the encryption need to be in the original paths.\r\nBitdefender says the decryptor can operate either on a single machine or on entire networks encrypted by LockerGoga.\r\nNote that the decryption process can be interrupted or not always work as expected, and you might end up with corrupted\r\nfiles. For this reason, the decrypter has the \"backup files\" option ticked by default, and users are recommended to leave that\r\nsetting enabled.\r\nWho was LockerGoga\r\nThe LockerGoga ransomware operation launched in January 2019, hitting high-profile targets such as the French\r\nengineering firm Altran Technologies and the Norwegian aluminum giant Norsk Hydro.\r\nTogether with Ryuk and MegaCortex, LockerGoga was involved in ransomware attacks against at least 1,800\r\norganizations worldwide.\r\nIn October 2021, twelve individuals were arrested in an international law enforcement operation for deploying various\r\nransomware strains, including LockerGoga.\r\n\"Its operator, who has been detained since October 2021 pending trial, is part of a larger cybercrime ring that used\r\nLockerGoga and MegaCortext ransomware to infect more than 1,800 persons and institutions in 71 countries to cause an\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/\r\nPage 3 of 4\n\nestimated damage of $US 104 million,\" Bitdefender explains in the decryptor announcement.\r\nSince the operator's arrest, threat actors have ceased using the LockerGoga ransomware, and the ransomware's source code\r\nwas never released.\r\nTherefore, this decryptor will mostly be for past victims who refused to pay the ransom and have been waiting to recover\r\ntheir files for free.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-decryptor-for-lockergoga-ransomware/"
	],
	"report_names": [
		"bitdefender-releases-free-decryptor-for-lockergoga-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434726,
	"ts_updated_at": 1775791260,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0304eefa3787e35dc3a1f5717e2040f3271afff4.pdf",
		"text": "https://archive.orkl.eu/0304eefa3787e35dc3a1f5717e2040f3271afff4.txt",
		"img": "https://archive.orkl.eu/0304eefa3787e35dc3a1f5717e2040f3271afff4.jpg"
	}
}