Conti-based ransomware ‘MeowCorp’ gets free decryptor

2023-03-16 18:08

A decryption tool for a modified version of the Conti ransomware could help hundreds of victims recover their files for free.

The utility works with data encrypted with a strain of the ransomware that emerged after the source code for Conti was leaked last year in March [1, 2]. Hundreds of victims encrypted.

Researchers at cybersecurity company Kaspersky found the leak on a forum where the threat actors released a cache of 258 private keys from a modified version of the Conti ransomware.

The variant was used in attacks against various private and public organizations over the past year by a ransomware group that some researchers track as MeowCorp. Ransomware researcher Amigo-A told BleepingComputer that the threat actors published the data on a Russian-speaking forum in February 2022, which contained a link to an archive containing decryption keys, decryptor executables, and the decryptor source code.

The researcher's revenge continued through March by leaking the source code for the ransomware encryptor, decryptor, and builder, as well as the administrative panels [1, 2]. It didn't take long for the operation to break down and in May 2022 the Conti team leaders took offline the infrastructure and announced that the brand no longer existed.

The U.S. government assesses that Conti was one of the most lucrative ransomware operations, making thousands of victims and amassing more than $150 million in ransom payments.

News URL

https://www.bleepingcomputer.com/news/security/conti-based-ransomware-meowcorp-gets-free-decryptor/

#conti #ransomware