New ransomware called MegaCortex infects corporate computer networks

  • It is reported that the attackers spread this ransomware mainly using Windows domain controllers in the victim’s network.
  • Furthermore, the group used a mix of automation tools and manual components in order to deploy the ransomware to a large number of victims.

A new ransomware was discovered this past week. Known as ‘MegaCortex’, the ransomware targeted victims across the US, Italy, Canada, Netherlands, Ireland, and France. The victims were predominantly corporate networks. According to security firm Sophos, which discovered this ransomware, the attackers relied heavily on automation and a number of tools to propagate the ransomware in large numbers.

What is MegaCortex?

  • In a blog post, Sophos indicated that the creators behind MegaCortex used a common red-team attack tool script to invoke a reverse shell known as ‘meterpreter’ in the victim’s environment.
  • The reverse shell is leveraged for an infection chain that uses PowerShell scripts, batch files and commands to drop secondary malware payloads.
  • In one of the attacks reported, a Windows domain controller of an enterprise network was used to initiate the attack.
  • The ransom note appears in the root of the victim’s hard drive as a plain text file. The note imitates references from the Matrix movie.
  • As of now, 76 attacks have been confirmed by Sophos. Around 47 of them occurred in a span of 48 hours.

Worth noting

The blog post also shed light on how MegaCortex might be linked with the well-known Emotet and Qbot malware.

“Right now, we can’t say for certain whether the MegaCortex attacks are being aided and abetted by the Emotet malware, but so far in our investigation (which is still ongoing as this post goes live), there seems to be a correlation between the MegaCortex attacks and the presence on the same network of both Emotet and Qbot (aka Qakbot) malware,” the researchers suggested.
