Latest Ransomware, MegaCortex, Spreads Across The Globe
A new ransomware variant, dubbed MegaCortex, has been found targeting organizations in the U.S., Canada, France, the Netherlands, Ireland, and Italy. This ransomware uses a dual approach, deploying both automated and manual components in an attempt to infect as many people as possible. MegaCortex was first found in January of 2019 and has continued to scale at a rapid rate since. According to the International Business Times, there have been 76 confirmed MegaCortex attacks in the last three months, forty-seven of which occurred just last week.
Upon infection, a non-traditional ransom note displays on the victim’s screen. The note doesn’t disclose the ransom demands but does offer a free “consultation” on how to improve the organization’s cyber security, as well as a “guarantee” the company won’t be targeted again.
Since MegaCortex is still rather new, the exact infection process remains under investigation. Some researchers, however, believe there is a strong correlation between MegaCortex and an ongoing infection of the victim organization's networks with both Emotet and Qbot. It is also believed that the ransomware variant is being executed through enabled remote desktop protocol (RDP) ports, a concern that appears to be validated by evidence of compromised administrative passwords during the infection process. As a result, organizations are being encouraged to begin deploying two-factor authentication and disabling all unused RDP ports.