Avast and Bitdefender have released decryptors to help victims of BianLian and MegaCortex ransomware recover their data for free.
Written in Golang, BianLian emerged in August 2022 and has been used in targeted attacks against entertainment, healthcare, media, and manufacturing organizations.
Once it has been executed on a victim’s machine, the malware identifies all available drives to find files and encrypt them.
BianLian targets a total of 1,013 file extensions and features a particular encryption routine: it does not encrypt data at the beginning of a file, nor data at its end.
Known for its fast encryption capabilities, the ransomware appends the “.bianlian” extension to the affected files and drops a ransom note named “Look at this instruction.txt” in each folder on the machine. Once the encryption process has been completed, the malware deletes itself.
Avast warns that its decryption tool only works with files encrypted with a known variant of BianLian and that victims of more recent versions of the ransomware might need to provide a malware binary to be able to recover their data for free.
The BianLian decryptor (direct download) is available on Avast’s website. The cybersecurity firm also provides detailed instructions on how the tool should be used.
The MegaCortex ransomware initially emerged in January 2019, but did not rise to fame until May that year, when it was used in a global attack campaign.
The malware was used by the same cybercriminals who also distributed the Dharma and LockerGoga ransomware, and who are believed to have infected roughly 1,800 victims, mostly companies.
In 2020, MegaCortex was mentioned in a FireEye report as being one of the six ransomware families to use a ‘process kill list’ targeting over 1,000 processes, including industrial software.
In October 2021, Europol and Norwegian Police announced the arrest of 12 individuals believed to have been part of the cybercrime ring.
Earlier this month, Bitdefender announced the availability of a free decryption tool for the MegaCortex victims, built in cooperation with the NoMoreRansom Project, Europol, and Swiss law enforcement. The decryptor is available on Bitdefender’s website (direct download) and the company also provides a step-by-step guide to using the tool.
