Conti-powered MeowCorp ransomware gets free decryptor
Interestingly, the attackers themselves posted the necessary encryption keys on the network.
Researchers from Kaspersky Lab recently discovered leak on one of the Russian-language hacker forums. Attackers from a group tracked by the name MeowCorp have voluntarily released a large data package consisting of 258 private encryption keys, source code, and some precompiled decryptors from a modified version of the Conti ransomware. The hackers reported that they were shutting down their activities, which is why they posted the above data.
Over the past year, this particular ransomware variant has been used in attacks on various private and public organizations in different countries. According to data obtained by Kaspersky Lab, it can be assumed that a strain of the Conti ransomware modified by MeowCorp was used to encrypt 257 victims, only 14 of whom paid the attackers to recover their locked data.
It is likely that the leaked data is only a part of all MeowCorp attacks, however, the hackers themselves, in their forum post, claim that the published keys include all the victims affected by the encryption.
Kaspersky Lab promptly added the leaked keys to its Rakhni Decryptor. Now, according to experts, the program can recover files encrypted with a variation of the Conti ransomware used in MeowCorp attacks.
You can download the latest version of Rakhni Decryptor from official site Kaspersky Labs. Available there detailed instructions for decrypting locked files.