Sophos alerts businesses about new ransomware called MegaCortex


Sophos, a global leader in endpoint and network security, has released an alert about a new ransomware called MegaCortex that is threatening businesses.

According to the Sophos research team, MegaCortex is a relatively little-seen malware that suddenly spiked in volume on May 1. Sophos has seen MegaCortex detections in the US, Canada, Argentina, Italy, the Netherlands, France, Ireland, Hong Kong, Indonesia, and Australia.

The research team also found that the adversaries behind MegaCortex use more automated tools to carry out the attack, which lets them spread the infection to more victims, more quickly.

As indicated in this SophosLabs Uncut article, there is no explicit value for the ransom demand in the ransom note. The attackers invite victims to email them on either of two free mail.com email addresses and send along a file that the ransomware drops on the victim’s hard drive to request decryption “services.” 

Sophos has also made the following protection recommendation to businesses:

Commenting on the study, Sophos Senior Security Advisor John Shier said:

“We suspect this is your script kiddie/living-off-the-land ‘mega bundle’ and a good example of what we’ve lately been calling cybercriminal pen-testing.

“The MegaCortex attackers have taken the blended threat approach and turned it up to 11, by increasing the automated component to target more victims. Once they have your admin credentials, there’s no stopping them. Launching the attack from your own domain controller is a great way for the attackers to inherit all the authority they need to impact everything in an organization. Organizations need to pay attention to basic security controls and perform security assessments, before the criminals do, to prevent attackers like these from slipping through.”
