We have just released a decryptor for the MegaCortex ransomware family. This decryptor was built in cooperation with Europol, the NoMoreRansom Project, the Zürich Public Prosecutor's Office and the Zürich Cantonal Police.
In October 2021, twelve individuals were arrested in an international law enforcement operation against Dharma, MegaCortex and LockerGoga ransomware.
This group was responsible for an estimated 1,800 infections, mostly targeting companies. Following the LockerGoga decryptor, we now release a universal tool for MegaCortex infections.
Important note: Victims with data encrypted by versions 2 through 4 need the ransom note (e.g. “!!READ_ME!!!.TXT”, “!-!README!-!.RTF”, etc.) to be present. Decryption of MegaCortex V1 (the encrypted files have the “.aes128ctr” extension appended) requires the presence of both the ransom note and the TSV log file (e.g. “fracxidg.tsv”) created by the ransomware.
If you or your company have been affected by MegaCortex, you can now use the tool below to recover your files for free. We have a step-by-step tutorial on how to operate the decryptor in both single-computer and network modes.