There is good news for victims of LockerGoga ransomware. They can recover their files for free with a new decryption tool. The decryption tool is available through the No More Ransom project.
The decryptor was published by cybersecurity firm Bitdefender on Friday, in collaboration with the Zürich Public Prosecutor’s Office, Europol, and the Zürich Cantonal Police.
LockerGoga ransomware has been targeting users since around 2019. It was mainly used in cyberattacks against industrial organizations. Its key targets include the Norway-based energy and metal firm Norsk Hydro, French engineering consulting firm Altran, and American chemical manufacturer Momentive and Hexion.
LockerGoga ransomware operator is supposedly associated with a cybercrime gang, which also used MegaCortex ransomware and Dharma malware strain. It is worth noting that decryptor for MegaCortex ransomware victims will also be released soon.
According to researchers, LockerGoga ransomware gang hasn’t been too active since October 2021. By the same time, Europol had started working with law enforcement authorities from the US, the Netherlands, Norway, France, Germany, Ukraine, the USA, and Switzerland to arrest the 12 alleged members of the LockerGoga ransomware gang.
According to the Zürich Public Prosecutor’s Office, the investigation teams spent months analyzing the data gained during the Oct 2021 raid. They discovered private keys to help unlock the data from numerous ransomware attacks. Working with partner organizations, the prosecutors created a universal decryption tool using the master decryption key.
The attackers are accused of launching ransomware attacks on over 1,800 people/entities across 71 countries. Bitdefender’s director of threat research and reporting, Bogdan Botezatu, stated that the LockerGoga ransomware attacks caused damages of around $104 million.
The decryption keys were obtained from a specific actor already detained in Zürich and will be facing money laundering and hacking charges. Affected individuals are urged to file criminal complaints against the hackers if they haven’t already done that.
Cybersecurity experts believe that this gang is a third-tier ransomware group and has successfully launched large-scale attacks without having a force multiplier of a RaaS offering.
Indicators of a LockerGoga infection are the presence of files with a ‘.locked’ Iextension. If you or your company have been affected by LockerGoga, you can now use the tool below to recover your files for free.
The direct download of the decryptor is available here or you can visit No More Ransom Project’s website for more information.
- Universal decryptor key for Sodinokibi, REvil ransomware released
- How to decrypt your data from Hakbit & Jigsaw ransomware for free
- First Ransomware to Exploit Telegram Cracked and Decryptor Published
- GoodWill Ransomware demands food for the poor to decrypt locked files
- Programmer hacks attacker; releases decryption Mushtik ransomware keys