
MegaCortex - Ransomware Spotted Attacking Enterprise Networks

  • By Elite CIO
  • Date May 17, 2019

A new ransomware called MegaCortex (RANSOM.WIN32.CORTEX.SM) has reportedly been deployed against large corporate networks and workstations in the United States, Canada and parts of Europe.

How MegaCortex works

When encrypting the victim's files, the ransomware appends the extension .aes128ctr. It also generates a file with a .tsv extension and drops it on the hard drive. The MegaCortex actors' ransom note instructs users to submit this file to them because it contains the encrypted session keys needed for decryption. The ransom note itself is a .txt file that doesn't ask for the usual cryptocurrency payment; instead, it demands that victims buy the actors' software.

In addition to the main payload, the malware also drops secondary components that security researchers have identified as the Rietspoof malware, a delivery system used to drop multiple payloads onto a device.
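The file indicators described above (the .aes128ctr extension and the dropped .tsv file) can be turned into a simple detection over file-creation telemetry. The following is an added example, not code from the article or from any vendor: the event tuple format, process names, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

ENCRYPTED_EXT = ".aes128ctr"  # extension the article says is appended to encrypted files
KEYFILE_EXT = ".tsv"          # file the article says holds the encrypted session keys

# Constructed sample events: (ISO timestamp, process, path). Format is an assumption.
SAMPLE_EVENTS = [
    ("2019-05-17T10:00:01", "proc_a.exe", r"C:\Users\a\report.docx.aes128ctr"),
    ("2019-05-17T10:00:02", "proc_a.exe", r"C:\Users\a\budget.xlsx.aes128ctr"),
    ("2019-05-17T10:00:03", "excel.exe", r"C:\Users\a\export.tsv"),
    ("2019-05-17T10:00:04", "proc_a.exe", r"C:\Users\a\notes.txt.aes128ctr"),
    ("2019-05-17T10:00:05", "proc_a.exe", r"C:\example_keys.tsv"),
    ("2019-05-17T10:05:00", "proc_b.exe", r"D:\restore\old.aes128ctr"),
]

def find_encryption_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Flag processes that create >= threshold *.aes128ctr files within `window`.

    Returns {process: {"peak": int, "first_seen": datetime, "tsv_files": [paths]}}.
    A single stray file with the extension (proc_b.exe above) is not flagged.
    """
    recent = defaultdict(deque)  # process -> timestamps inside the sliding window
    peak = defaultdict(int)      # process -> largest count seen in any window
    first_seen = {}              # process -> time of its first encrypted-file event
    tsv = defaultdict(list)      # process -> .tsv files it wrote (candidate key file)
    for ts, proc, path in sorted(events):
        when = datetime.fromisoformat(ts)
        name = path.lower()
        if name.endswith(KEYFILE_EXT):
            tsv[proc].append(path)
        if not name.endswith(ENCRYPTED_EXT):
            continue
        first_seen.setdefault(proc, when)
        q = recent[proc]
        q.append(when)
        while when - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        peak[proc] = max(peak[proc], len(q))
    return {p: {"peak": n, "first_seen": first_seen[p], "tsv_files": tsv[p]}
            for p, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for proc, info in find_encryption_bursts(SAMPLE_EVENTS).items():
        print(proc, info["peak"], info["first_seen"], info["tsv_files"])
```

Only .tsv files written by the flagged process are reported, so routine exports from other applications do not raise the alert by themselves.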

Defending against ransomware

Elite CIO Council recommends regularly backing up your data, keeping the system and applications updated, and enforcing the principle of least privilege.

Author: Atul Bansal, Gateway Rail