MegaCortex Ransomware Analysis + Prevention by Sophos!

Sophos just released its analysis of the MegaCortex ransomware, whose speed and spread of attack are very worrying! Get the key details about MegaCortex and how to prevent an attack!

What Is MegaCortex?

MegaCortex is a new ransomware that was rarely seen until it suddenly spiked in volume in May 2019. Similar to infamous ransomware like Ryuk and BitPaymer, it is now spreading rapidly in these countries:

  • US
  • Canada
  • Argentina
  • Italy
  • The Netherlands
  • France
  • Ireland
  • Hong Kong
  • Indonesia
  • Australia

Why Is MegaCortex Dangerous?

Ransomware attacks are usually carried out in 3 ways:

  • Manual attacks
  • Automated attacks
  • Blended attacks

Unlike Ryuk and BitPaymer, MegaCortex is controlled by cybercriminals using more automated tools, and is designed to spread infection to many victims at a much faster speed.

What Does MegaCortex Demand?

Unlike other ransomware attacks, MegaCortex has no clear ransom demands.

All it does is invite its victims to email the attackers at either of two free email addresses, attaching a file that had been dropped onto the victim’s hard disk drive, to request decryption services.

The ransom note includes “a guarantee that your company will never be inconvenienced by us”. On top of that, if the victim pays the ransom, “You will also receive a consultation on how to improve your companies cyber security”.

How sweet of them.

 

How To Protect Against MegaCortex

Sophos recommends the following steps to protect your business from MegaCortex and the threat of ransomware attacks in general:

  • Companies are cautioned to be on the highest alert should they see warning signs about Emotet or Qbot, as there is a strong correlation between MegaCortex and these two threats.
  • Place the company Remote Desktop Protocol (RDP) machine behind a Virtual Private Network (VPN).
  • Practice two-factor authentication for system logins.
  • Regularly back up important and current data to an offline storage device.
  • Use anti-ransomware software like Sophos Intercept X Advanced.

 
