Victims of LockerGoga and MegaCortex ransomware can reclaim their files for free, say Swiss police, courtesy of private encryption keys recovered from a suspected member of a ransomware-wielding gang.
“Numerous” keys were recovered when investigators analyzed data seized as part of an investigation into a now-defunct gang. The gang allegedly used LockerGoga, MegaCortex and Dharma ransomware to infect victims and extort them into paying a ransom in return for a decryption key for their maliciously encrypted data.
The perpetrators are accused of ransomware attacks on over 1,800 people and institutions in 71 countries, Swiss authorities say. Damage caused by the group, including ransoms paid by victims, is estimated to have exceeded $100 million, they say.
One of the largest organizations to be hit with LockerGoga is Norwegian aluminum giant Norsk Hydro, which was attacked in March 2019. The company, which didn’t pay a ransom, estimated eight months later that the cost of the attack and required recovery operations could reach $71 million.
As part of a crackdown on the gang’s operations, 12 individuals were arrested in Switzerland and Ukraine in October 2021. European authorities say the gang appeared to make use of various ransomware-as-a-service offerings – not just LockerGoga and MegaCortex but also GandCrab and its successor REvil, aka Sodinokibi.