A security researcher has released a new decryption tool to help some victims of the Conti ransomware, allowing them to recover their encrypted data for free.
Conti is one of the most notorious ransomware groups, responsible for hundreds of attacks against organizations, netting criminals over $150 million. Its victims included the Costa Rican government, which declared a national emergency after systems in multiple departments were severely affected.
However, in February 2022, the Conti ransomware gang began to unravel. The group announced that it “fully supports the Russian government” after the invasion of Ukraine.
That statement, perhaps understandably, was not well received by many. Among them were people whom the Conti ransomware group may historically have considered its partners.
Embarrassingly for a criminal gang that extorted millions of dollars from companies by threatening to leak data, someone leaked about 160,000 messages between members of the Conti group, along with the source code of the Conti ransomware.
It is this source code that was used to create modified versions of the Conti ransomware, including one used by the criminal group known as MeowCorp.
Researchers at Russian antivirus company Kaspersky have announced that, by analyzing data leaked from the Conti group, including source code, over 250 private keys, and pre-compiled decryption tools, they were able to create a new free decryption tool for those affected.
Kaspersky believes it has discovered the private keys needed to unlock the data files of 257 corporate victims, although 14 may have already paid the ransom to the attackers. The private keys and decryption code are embedded in the latest version of Kaspersky’s free RakhniDecryptor tool.
According to Bleeping Computer, most of the attacks carried out by this variant of Conti ransomware targeted Russian organizations.
It goes without saying that you should back up any important data (even encrypted) before running the decryption tool, just in case…
In May 2022, the U.S. Department of State offered a bounty of up to $10,000,000 for information that helped identify the leader of the Conti ransomware group, and an additional $5,000,000 for information that helped arrest and/or convict gang members.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.