A decryption tool for a modified version of the Conti ransomware could help hundreds of victims recover their files for free.
The utility works with data encrypted with a strain of the ransomware that emerged after the source code for Conti was leaked last year in March [
1,
2].
Hundreds of victims encrypted
Researchers at cybersecurity company Kaspersky found the leak on a forum where the threat actors released a cache of 258 private keys from a modified version of the Conti ransomware.
The variant was used in attacks against various private and public organizations over the past year by a ransomware group that some researchers track as MeowCorp.
Ransomware researcher
Amigo-A told BleepingComputer that the threat actors published the data on a Russian-speaking forum in February 2022, which contained a link to an archive containing decryption keys, decryptor executables, and the decryptor source code.
