Kaspersky has published a free decryptor for Meow ransomware, which is based on leaked Conti ransomware source code and impacted several companies and government entities in December, according to The Record, a news site by Recorded Future.
The decryptor was developed using leaked data that Kaspersky researchers discovered late last month. The data contained 258 private keys in 257 different folders, and at least 34 of the folders carried the names of companies and government agencies.
Fourteen of the 257 organizations impacted by Meow ransomware were believed to have paid the ransom demanded by the attackers. Meanwhile, Recorded Future ransomware expert Allan Liska cited Meow ransomware's inadequate security measures as a key factor in the development of the decryptor.
"This is great work by Kaspersky and hopefully we will continue to see more of this type of activity by the public and private sectors. It looks like Kaspersky may have had access to their infrastructure, at least enough to be able to identify victims," Liska said.