MegaCortex Ransomware attacks hit Corporate Networks


Sophos, a UK-based cybersecurity firm, has detected that a ransomware variant named MegaCortex has been hitting corporate networks heavily over the past 43 days. Researchers at the firm assess that the objective behind the attacks is probably "big-game hunting", in which attackers target large enterprises to extract large-scale financial gains.

“Thus, MegaCortex has joined the list of recognizable malware names such as RYUK, Bitpaymer, Dharma, Matrix, LockerGoga, and SamSam where cyber crooks are seen deploying the said ransomware variants through mass deployment techniques such as phishing emails and spam”, says Andrew Brandt, Senior Researcher, Sophos.

According to a security report released by Sophos on Friday last week, a sample of MegaCortex was first detected on the malware scanning service VirusTotal in January this year. Then, during a server audit on GitHub in February this year, a few members were seen discussing the whereabouts of the malware, hinting that the distributors were interested in circulating it on a large scale.

Sophos claims it has detected almost 47 MegaCortex attacks in the past 60 days, out of 76 attacks recorded so far this year.

Most of the attacks have targeted enterprises operating in the United States, Canada, Italy, the Netherlands, Ireland, France, and Spain. However, the list might grow, as Sophos's analysis has limited geographical reach.

Cybersecurity Insiders has learned from Twitter that the ransomware was being distributed via a malware loader named Rietspoof.

Hence, experts from the UK-based anti-virus vendor are recommending that corporate IT heads adopt two-factor authentication for internal networks, especially for central management servers.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security.