Free decryptor released for Conti-based ransomware following data leak

Security researchers have released a new decryption tool that should come to the rescue of some victims of modified versions of Conti ransomware, helping them recover their encrypted data for free.

Conti is one of the most notorious ransomware groups, responsible for hundreds of attacks against organizations, netting criminals over $150 million. Among its victims is the Costa Rican government, which declared a national emergency after systems in many departments were severely affected.

However, things began to unravel for the Conti ransomware gang in February 2022, when the group announced their “full support of the Russian government” after the invasion of Ukraine.

That statement, perhaps understandably, didn’t sit well with many people, including those whom the Conti ransomware group might historically have considered its partners-in-arms.

Embarrassingly for the criminal gang that extorted millions from businesses by threatening to leak their data, someone chose to leak around 160,000 messages between members of the Conti group, along with source code for Conti ransomware.

This is the source code used to create modified versions of the Conti ransomware, including one used by a criminal group sometimes known as MeowCorp.

Researchers at Russian anti-virus firm Kaspersky have announced that an analysis of data leaked from the Conti group, including source code, more than 250 private keys, and precompiled decryptors, allowed it to create a new free decryption tool for those affected.

Kaspersky believes it has discovered the private keys needed to unlock data files for 257 corporate victims, although 14 may have already paid a ransom to their attackers. Private keys and decryption codes are included in the latest version of Kaspersky’s free RakhniDecryptor tool.

According to Bleeping Computer, most of the attacks made by this variation of Conti ransomware targeted Russian organizations.

It goes without saying that you should back up your important data (even if it is encrypted) before running any decryption tool, just in case…

In May 2022 the US Department of State offered a reward of up to $10,000,000 for information that helps them identify the leaders of the Conti ransomware group, and an additional $5,000,000 for information that helps lead to the arrest and/or conviction of a gang member.

Editor’s Note: The opinions expressed in this guest authored article are those of the contributors only, and do not necessarily reflect the opinions of Tripwire, Inc.