- Marijan Hassan - Tech Journalist
Conti ransomware decrypted by Kaspersky
Victims of the Conti ransomware group can recover their encrypted data without paying ransom after Kaspersky cracked the Conti ransomware code. The security company used leaked data belonging to the notorious crime group to develop the new decryptor tool.
And according to Kaspersky, the new tool can decrypt even the new Conti strain uncovered in December 2022.
Ever since the Russian-backed gang came into the limelight in 2019, it has been wreaking havoc in the cybersecurity scene, carrying out multiple large-scale attacks on public and private organisations. By 2021, Conti was the most active ransomware gang.
The group operated a Ransomware-as-a-Service model, and one notable attack by one of its affiliates was the encryption of Ireland's state-run health service by WizardSpider in 2022. The attack led to months of disruption and millions in damage, not to mention the health impact on citizens.
However, in February 2022 a falling-out occurred within Conti after the gang declared its full support of Russia’s invasion of Ukraine. This led to the leak of hundreds of Conti’s internal files, including private conversations and the ransomware's source code.
The result was the creation of different variants of the Conti ransomware and an exodus by some members who began collaborating with other cybercriminals.
In a notice dated May 6, 2022, the US Department of State said the Conti ransomware variant was the costliest strain of ransomware on record, noting that as of January, more than 1,000 organisations had been hit and over $150 million paid out as ransom.
Now, in a new twist of fate, leaked Conti data has helped Kaspersky create the public decryptor tool that victims can use to recover their data.
This latest leak contained 258 private keys, source code and some pre-compiled decryptors. There were also folders that Kaspersky believes were created for Conti victims. 34 of the folders named specific companies and government agencies.
"Assuming that one folder corresponds to one victim and that the decryptors were generated for the victims who paid the ransom, it can be suggested that 14 victims out of the 257 paid the ransom to the attackers," Kaspersky researchers said.
The new decryption key developed by Kaspersky, together with the 258 keys that were leaked, has been added to Kaspersky's utility RakhniDecryptor, which can be found on the vendor's No Ransom site.