A ransomware called MegaCortex carried out 47 attacks last week. That’s two-thirds of all 76 attacks detected since the discovery of the ransomware last January.

According to Sophos, MegaCortex uses a tactic known as big-game hunting. The ransomware appears to be designed to attack large corporate networks and is deployed as part of carefully planned, targeted intrusions, according to the cybersecurity specialist, rather than being spread through spam or other mass-distribution techniques. ZDNet notes that the list of ransomware used in such targeted attacks is growing, including names such as Ryuk, Bitpaymer, Dharma, SamSam, LockerGoga and Matrix.

The detected attacks reportedly come from corporate networks in the United States, Canada, the Netherlands, Ireland, Italy and France. Sophos has already blocked the attacks, but does not rule out attacks in other places as well, in locations where the British antivirus provider has no coverage.

Rietspoof

Several cybersecurity researchers suspect that the ransomware was placed on attacked networks via a malware loader called Rietspoof. This is a new approach compared to previously known targeted ransomware attacks, which typically brute-force poorly secured endpoints or gain entry to a system via the Emotet or Trickbot Trojan and then install the ransomware.

The new delivery method does not make MegaCortex any less dangerous. Hackers can quickly escalate the attack to gain access to a domain controller, from where they try to unleash the ransomware on as many workstations as possible.

According to Sophos, it is therefore advisable to use two-step authentication on internal networks, and certainly on central management servers. Victims can recognize MegaCortex by the random eight-character extension that is added to encrypted files.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.