The publication in Bleeping Computer reports that the specialists of MalwareHunterTeam and Vitali Kremez noticed the new version of MegaCortex. Now the ransomware changes the extensions of the affected files to .m3g4c0rtx, and uses a couple of new tricks.
Therefore, now MegaCortex Launcher extracts two DLL files and three CMD scripts to the C:\Windows\Temp folder. At the same time, the launcher is signed by Sectigo certificate issued by the Australian company MURSA PTY LTD. CMD files are used to execute a number of commands, including deleting shadow copies and overwriting all free space on the C:\drive.
“In addition, MegaCortex will now configure a legal notice on the encrypted machine so that it displays a basic “Locked by MegaCortex” ransom message with email contacts before a user even logs in”, — write Bleeping Computer journalists.
Now MegaCortex also intimidates its victims, forcing them to pay.
The fact is that a new ransom note begins with the phrase “all your credentials have been changed and all files are encrypted.” As the experts found out, this is not an empty threat: the malware really changes the passwords of victims in Windows accounts.
In addition, now the attackers claim that they not only encrypted, but also copied all the data of the victim, and threatened to publish it in the public domain if they did not receive the ransom.
“We have also downloaded your data to a secure location. In the unfortunate event of us not coming to an agreement we will have no choice but to make this data public. Once the transaction is finalized all of copies of data we have downloaded will be erased”, — says cybercriminals’ message.
Researchers note that so far there is no evidence that the attackers are really copying information of the victims. However, this threat should not be neglected. If the MegaCortex actors are actually copying data, though, victims will now have to treat these attacks as a data breach going forward instead of just a ransomware infection.
About Chernars.com Chernars.com pop-ups can not open out of nowhere. If you have actually clicked…
About Eclipse-adblocker.pro Eclipse-adblocker.pro pop-ups can not open out of nowhere. If you have actually clicked…
About Initiateadvancedcompletelythe-file.top Initiateadvancedcompletelythe-file.top pop-ups can not open out of nowhere. If you have actually clicked…
About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…
About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…
About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…