News

Ransomware MegaCortex attacks companies in Europe and North America

Sophos specialists published a report, dedicated to increased activity of MegaCortex cryptographer.

This extortionist is orientated majorly of corporate sector and used in the carefully planned targeted attacks.

Such incidents are a real trend in the latest time, and many big companies suffered from targeted attacks: it is worth remembering LockerGoga “heroic actions”. Its victim was one of the world’s main aluminum producers Norsk Hydro, and a series of big chemical enterprises.

Other threats that similar approach are Ryuk, Bitpaymer, Dharma, SamSam and Matrix.

Sophos analysist said that MegaCortex was discovered in January 2019, when someone uploaded malware’s specimen on VirusTotal. Since that time number of attacks constantly grows: in total experts noted 76 incidents, with 47 of them (almost two thirds) occurred in the last week.

MegaCortex attacks affected companies in US, Canada, Netherlands, Ireland, Italy and France.

Cryptographers’ operators try as soon as possible to reach domain’s controllers and spread threat on as much systems as possible. “Recognize” MegaCortex is ealy due to extortionists’ message that can be seen below, or by changes files’ extensions as malware changes them on random sequence of eight symbols.

Megacortex ransom note black

In the report Sophos researchers acknowledge that could not detect how extortionist gets on infected hosts. In its turn, IT-experts write in social networks that MegaCortex allegedly uses for it Rietpoof uploader. This is quite interesting observation as usually cryptographers get in networks through the brutforce of the poorly protected RDP-endpoints or as an payload of the second phase of the attack, just after infection of machines with Emotet or Trickbot malware.

Recommendations on MegaCortex from Sophos specialists:

As the attack seems to indicate that an administrative password was abused by the criminals, we also recommend the widespread adoption of two-factor authentication for everything that currently requires just a password, and can use 2FA.

Keeping regular backups of your most important and current data on an offline storage device is the best way to avoid having to pay a ransom altogether.

Source: https://news.sophos.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Pbmsoultions.com Pop-up Ads

About Pbmsoultions.com Pbmsoultions.com pop-ups can not launch out of the blue. If you have actually…

24 hours ago

Remove Prizestash.com Pop-up Ads

About Prizestash.com Prizestash.com pop-ups can not expose out of the blue. If you have actually…

24 hours ago

Remove Verifiedbreaking.com Pop-up Ads

About Verifiedbreaking.com Verifiedbreaking.com pop-ups can not launch out of nowhere. If you have actually clicked…

24 hours ago

Remove Themoneyminutes.com Pop-up Ads

About Themoneyminutes.com Themoneyminutes.com pop-ups can not launch out of the blue. If you have actually…

1 day ago

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

1 day ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

1 day ago