Europol and Bitdefender Jointly Release LockerGoga Decryptor

    Bitdefender has released a new decryptor for the LockerGoga ransomware, a cyber-threat that cost Norwegian aluminum producer Norsk Hydro as much as £40m ($41m) back in 2019.

    The novel piece of software was released by the cybersecurity company in collaboration with Europol, the NoMoreRansom Project, the Zürich Cantonal Police and the Zürich Public Prosecutor’s Office.

    “We’re pleased to announce the availability of a new decryptor for LockerGoga,” Bitdefender wrote in a blog post over the weekend.

    “Indicators of a LockerGoga infection are the presence of files with a ‘.locked’ extension. If you or your company have been affected by LockerGoga, you can now use the tool […] to recover your files for free.”

    Beyond the Norsk Hydro attacks, LockerGoga also targeted several other companies in Norway and across the US.

    According to Bitdefender, LockerGoga’s operator, who has been detained since October 2021 pending trial, is part of a larger cybercrime ring.

    “[The network] reportedly used LockerGoga and MegaCortex ransomware to infect more than 1,800 persons and institutions in 71 countries to cause an estimated damage of $104m,” the company wrote.

    Now, victims of these cyber-attacks can decrypt their files using the new LockerGoga decryptor, available for download at this link.

    Bitdefender has also published a handy step-by-step tutorial designed to help individuals operate the decryptor in both single-computer and network modes.

    “The tool also provides the possibility of running silently, via a command line,” reads the document. “If you need to automate the deployment of the tool inside a large network, you might want to use this feature.”

    An analysis of the Norsk Hydro ransomware attack published by Dragos in March 2020 suggested the campaign may have been a state-backed attempt to cause disruption rather than to extort money.

    More recently, in November last year, Interpol revealed an operation that saw the capture of 12 threat actors believed to have been involved in deploying the LockerGoga, MegaCortex and Dharma variants or laundering the proceeds.