{
	"id": "4bcb8092-9325-4e61-ac66-9ac7f1f352f4",
	"created_at": "2026-04-10T03:20:20.763838Z",
	"updated_at": "2026-04-10T13:12:03.934799Z",
	"deleted_at": null,
	"sha1_hash": "58b6ed901be07fde7309311287466af7767bdb72",
	"title": "Bitdefender releases free MegaCortex ransomware decryptor",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3032903,
	"plain_text": "Bitdefender releases free MegaCortex ransomware decryptor\r\nBy Bill Toulas\r\nPublished: 2023-01-05 · Archived: 2026-04-10 02:49:43 UTC\r\nAntivirus company Bitdefender has released a decryptor for the MegaCortex ransomware family, making it\r\npossible for victims of the once notorious gang to restore their data for free.\r\nThe creation of the decryptor was the combined work of Bitdefender analysts and experts from Europol, the\r\nNoMoreRansom Project, and the Zürich Public Prosecutor's Office and Cantonal Police.\r\nUsing the decryptor is pretty straightforward, as it's a standalone executable that doesn't require installation and\r\noffers to locate encrypted files on the system automatically.\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/\r\nPage 1 of 4\n\nDecryptor's welcome screen (BleepingComputer)\r\nMoreover, the decryptor can back up the encrypted files for safety in case something goes wrong in the decryption\r\nprocess that could corrupt the files beyond recovery.\r\nDecryptor's options (BleepingComputer)\r\nAlso, for those who attempted to decrypt their files previously with mixed success, the new decryptor offers an\r\nadvanced setting to replace them with clean files.\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/\r\nPage 2 of 4\n\nYou may download the tool from this page and read the user manual for more details on using Bitdefender's\r\nMegaCortex decryptor.\r\nMegaCortex's rise and fall\r\nThe MegaCortex ransomware was first discovered by Sophos researchers in May 2019, who observed it targeting\r\ncorporate networks and found along with QBot, Emotet, and Cobalt Strike.\r\nSamples captured in July 2019 revealed that MegaCortex operators were launching more targeted attacks,\r\nadjusting the ransom demands according to the victim size and using particularly threatening language.\r\nIn November 2019, MegaCortex operators started engaging in double extortion tactics, threatening the victims\r\nwith the publication of their data if they didn't meet their demands.\r\nBy the end of that month, the Dutch National Cyber Security Centre placed MegaCortex among the most\r\nactive ransomware operations in the cybercrime underground.\r\nIn December 2019, the FBI warned organizations about the threat of MegaCortex, describing the intrusion\r\nmethods used by the threat group and providing defense tips and mitigation recommendations.\r\nThroughout 2020, the activity of MegaCortex waned, and there weren't many victims affected by this particular\r\nstrain.\r\nIn October 2021, Europol announced the arrest of 12 individuals responsible for 1,800 ransomware attacks in 71\r\ncountries, many of which deployed the MegaCortex and LockerGoga strains.\r\nThis arrest ultimately led to the release of a free LockerGoga ransomware decryptor by BitDefender in September\r\nafter the authorities discovered private keys used in attacks.\r\n\"This analysis revealed numerous private keys from ransomware attacks. These keys enable damaged companies\r\nand institutions to restore data previously encrypted with the \"LockerGoga\" or \"MegaCortex\" malware,\" stated a\r\ncoordinated announcement by the Zürich Public Prosecutor's Office.\r\nWhile BitDefender has not stated how they obtained the private keys for today's MegaCortex decryptor, it was\r\nlikely created with master keys found by the Zurich authorities.\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one\r\nwithout the other.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three\r\ndiagnostic questions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/\r\nhttps://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/bitdefender-releases-free-megacortex-ransomware-decryptor/"
	],
	"report_names": [
		"bitdefender-releases-free-megacortex-ransomware-decryptor"
	],
	"threat_actors": [],
	"ts_created_at": 1775791220,
	"ts_updated_at": 1775826723,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58b6ed901be07fde7309311287466af7767bdb72.pdf",
		"text": "https://archive.orkl.eu/58b6ed901be07fde7309311287466af7767bdb72.txt",
		"img": "https://archive.orkl.eu/58b6ed901be07fde7309311287466af7767bdb72.jpg"
	}
}