03 Sep 2019
According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a sequence of manual steps on each targeted network,” stated Leo Fernandes, senior manager of malware analysis and countermeasures at iDefense, toThreatpost. “The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation; the password is now hard-coded in the binary.”
According to research, MegaCortex related ransom demands have ranged from approximately $20,000 to as much as $5.8 million. That amount is expected to rise with this new strain. “Indeed, potentially there could be an increase in the number of MegaCortex incidents if the actors decide to start delivering it through email campaigns or dropped as secondary stage by other malware families,” added Fernandes.
Enterprises and organizations are urged to double their efforts to protect email interactions. As always, Security Awareness Training is your best first line of defense. “Identifying malware and phishing attacks on the network early is critical to mitigating the risk of a ransomware attacks,” said Stuart Reed, Cybersecurity VP at Nominet, said to Threatpost. “This needs to be combined with basic cyber-hygiene, such as not opening attachments or clicking links unless you know they are legitimate, keeping up to date with system patches and current versions of malware protection. A layered approach to security, combined with robust backups and a well understood incident response, will be fundamental to combating ransomware attacks.”