KnowBe4 Security Awareness Training Blog

MegaCortex Ransomware goes Fully Automated, Putting Enterprises at Risk of Ransoms in the Millions

Written by Stu Sjouwerman | Aug 28, 2019 7:21:57 PM

A new version of MegaCortex has been spotted, upgrading it from a manual, targeted form of ransomware, to one that can be spread and do damage enterprise-wide.

What was once a ransomware variant that was only used post-exploitation as part of a targeted, manual attack requiring a password be entered by the cybercriminal, has now been re-released into the wild as a vastly improved version 2.0.

Completely automated, the latest version of MegaCortex has proven to be ready for wide-scale attacks, according to new research from Accenture’s iDefense team. It’s need for manual password entry has been removed, and it’s been beefed up with an ability to kill a number of security products, and now loads and runs its’ main payload directly from memory.

According to the research, ransoms demanded to date have ranged from approximately $20,000 to as much as $5.8 million, making this a tangible threat to small businesses and large enterprises alike.

Noted by the researcher, it’s potentially expected to see “an increase in the number of MegaCortex incidents if the actors decide to start delivering it through e-mail campaigns.”

Organizations wanting to avoid this new version need to double efforts to protect email and user interactions with email. Email security solutions can assist in detecting malware-laden attachments and potentially malicious office documents. Security Awareness Training is best suited to advise the user on the need for being security-minded, and to educate them on how to identify suspicious email and web content that may be malicious in intent.

MegaCortex sounds like it’s got some major upgrades and has an ability to do some real damage. Shoring up your security efforts is a prudent step to avoid this new version of ransomware.