Avast and Bitdefender have released decryptors to help victims of BianLian and MegaCortex ransomware recover their data for free.
Written in Golang, BianLian emerged in August 2022 and has been used in targeted attacks against entertainment, healthcare, media, and manufacturing organizations.
Once it has been executed on a victim’s machine, the malware identifies all available drives to find files and encrypt them.
BianLian targets a total of 1,013 file extensions and features a particular encryption routine: it does not encrypt data at the beginning of a file, nor data at its end.
Known for its fast encryption capabilities, the ransomware appends the “.bianlian” extension to the affected files and drops a ransom note named “Look at this instruction.txt” in each folder on the machine. Once the encryption process has been completed, the malware deletes itself.
Avast warns that its decryption tool only works with files encrypted with a known variant of BianLian and that victims of more recent versions of the ransomware might need to provide a malware binary to be able to recover their data for free.
The BianLian decryptor (direct download) is available on Avast’s website. The cybersecurity firm also provides detailed instructions on how the tool should be used.
The MegaCortex ransomware initially emerged in January 2019, but did not rise to fame until May that year, when it was used in a global attack campaign.
The malware was used by the same cybercriminals who also distributed the Dharma and LockerGoga ransomware, and who are believed to have infected roughly 1,800 victims, mostly companies.
In 2020, MegaCortex was mentioned in a FireEye report as being one of the six ransomware families to use a ‘process kill list’ targeting over 1,000 processes, including industrial software.
In October 2021, Europol and Norwegian Police announced the arrest of 12 individuals believed to have been part of the cybercrime ring.
Earlier this month, Bitdefender announced the availability of a free decryption tool for the MegaCortex victims, built in cooperation with the NoMoreRansom Project, Europol, and Swiss law enforcement. The decryptor is available on Bitdefender’s website (direct download) and the company also provides a step-by-step guide to using the tool.

More from Ionut Arghire
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Atlassian Warns of Critical Jira Service Management Vulnerability
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
Latest News
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
