New MegaCortex Ransomware Targets Corporations Across The US And Europe

iDefense engineers recently discovered an updated version of MegaCortex Ransomware that targets corporations in Europe and North America. Hackers have demanded anywhere from 2 to 600 Bitcoins or $20,000 to $5.8 million USD from victims.

MegaCortex ransomware could traditionally only be installed by the hacker through a manual sequence. The ransomware also required a custom password during an infection. Although the ransomware was hard for business and security analysts to detect, it was also difficult to execute in the first place.

Businesses in Canada, France, Ireland, Italy, the Netherlands, and the United States suffered from a string of attacks this past spring. Infected systems would see a message that featured a picture of Morpheus from The Matrix. The attackers would demand that the victims purchase a private key from them.

MegaCortex has since evolved and can be self-executed without a custom password. According to engineers at iDefense, “The changes in Version 2 suggest that the malware authors traded some security for ease of use and automation.” The hackers previously needed to manually execute the malware loader and the batch files to stop services; these features have now all been automated. The last version’s main payload was run by rundll32.exe and hackers were forced to manually stop security features. This version’s main payload is now decrypted and is able to automatically stop or kill security services.

Some hackers claim to have altruistic motivations, but these particular attackers are in it for the money. They stated in their ransom note, “We don’t want to do any damage to your business. We are working for profit.” They also insisted that they planned to return the original files to the business once they had paid the ransom. They even promised to decrypt three files for free to demonstrate that they were fully capable of doing so. It is currently unclear who the attackers are and whether any businesses have paid the ransom.

Analysts and engineers fear that there may be an increase in MegaCortex attacks. Some even believe that the ransomware could be delivered through email or other malware. At the moment, most engineers only have a recommendation for how to prevent the current version of the ransomware from taking control in the first place. Let’s hope that other solutions will be found soon.