Security researchers have released a new decryption tool that should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free.
Conti was one of the most notorious ransomware groups, responsible for hundreds of attacks against organisations, which netted criminals over $150 million. Its victims included the government of Costa Rica which declared a national emergency after systems in multiple departments were severely impacted.
However, things began to unravel for the Conti ransomware gang in February 2022, when the group announced its “full support of the Russian government” after the invasion of Ukraine.
That statement, perhaps understandably, didn’t go down well with many people – including people who historically the Conti ransomware group might have considered its partners-in-arms.
Embarrassingly for the criminal gang who extorted millions from businesses by threatening to leak their data, someone chose to leak some 160,000 messages between the Conti group’s members, and the source code for the Conti ransomware.
It is this source code that was used to create modified versions of the Conti ransomware, including one which is used by a criminal group sometimes known as MeowCorp.
Researchers at Russian anti-virus firm Kaspersky have announced that an analysis of data leaked from the Conti group, including the source code, over 250 private keys, and pre-compiled decryptors, has allowed it to create a new free decryption tool for those affected.
Kaspersky believes it has uncovered the private keys required to unlock data files for 257 corporate victims, although 14 may already have paid the ransom to their attackers. The private keys and decryption code have been incorporated into the latest version of Kaspersky’s free RakhniDecryptor tool.
According to Bleeping Computer, most of the attacks perpetrated by this modification of the Conti ransomware targeted Russian organisations.
Hopefully it goes without saying that you should back up your important data (even if encrypted) before running any decryption tool, just in case…
In May 2022 the US Department of State offered a reward of up to $10,000,000 for information which would help them identify the leaders of the Conti ransomware group, and a further $5,000,000 for information which helped arrest and/or convict a member of the gang.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
