The operators of MegaCortex ransomware target the corporate sector and try to gain access to the organization's domain controller in order to deliver the ransomware to the maximum number of workstations. Once on the target device, the malware launches a PowerShell script that deploys the multi-functional Meterpreter on the victim's network. Using this tool, the attackers gain access to the company's domain controller and deliver the payload to the machines connected to it. An executable file and a batch script, responsible for unloading hundreds of processes from memory, are placed on these computers. The attackers disable security systems, virus scanners and other services that may interfere with data encryption.
Finally, the winnit.exe file is delivered to the device; it is responsible for loading a DLL with a random name of eight characters. The malware then encrypts user information and places a note requesting a ransom in the root directory. The message is styled as an address from Morpheus, one of the heroes of the film "The Matrix". The name of the malware also refers to the film: the main character of the trilogy worked in a corporation with a similar name, MetaCortex. In the message, the criminals propose that victims contact them for advice on protecting the corporate network against future attacks.
MegaCortex Ransomware Signatures
Family: Trojan:Win32/CryptInject
MD5: bcd5275b17fa251e764cc654f27a348b
SHA256: 11f7bb37dd425150e6b095a8d1f3a347ee83e604302a4d9bb201900e74a81d73
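The following triage sketch is an added example, not code from the original page: it checks image-load style events for the SHA256 listed above, for a process named winnit.exe, and for that process loading a DLL with an eight-character name. The event field names (`host`, `image`, `image_loaded`, `sha256`), the sample events and the letters-and-digits reading of "eight characters" are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# SHA256 listed in the Signatures section of this page.
KNOWN_SHA256 = {"11f7bb37dd425150e6b095a8d1f3a347ee83e604302a4d9bb201900e74a81d73"}
LOADER_NAME = "winnit.exe"
# Assumption: "random name of eight characters" means eight letters/digits before ".dll".
EIGHT_CHAR_DLL = re.compile(r"^[a-z0-9]{8}\.dll$", re.IGNORECASE)

def triage(event):
    """Return the reasons one event matches the behaviour described on this page."""
    reasons = []
    image = PureWindowsPath(event.get("image", "")).name.lower()
    loaded = PureWindowsPath(event.get("image_loaded", "")).name
    if event.get("sha256", "").lower() in KNOWN_SHA256:
        reasons.append("known-sha256")
    if image == LOADER_NAME:
        reasons.append("loader-name")
        # Legitimate DLLs such as kernel32.dll also have eight-character names,
        # so the name pattern is only evaluated for loads made by the loader.
        if EIGHT_CHAR_DLL.match(loaded):
            reasons.append("eight-char-dll")
    return reasons

def scan(events):
    """Map host -> sorted reasons, for hosts with at least one hit."""
    hits = {}
    for ev in events:
        found = triage(ev)
        if found:
            hits.setdefault(ev["host"], set()).update(found)
    return {host: sorted(r) for host, r in hits.items()}

# Constructed sample events (hypothetical field names, not a real log schema).
SAMPLE_EVENTS = [
    {"host": "ws-014", "image": r"C:\Windows\Temp\winnit.exe",
     "image_loaded": r"C:\Windows\Temp\qzkwpxra.dll", "sha256": "00" * 32},
    {"host": "ws-014", "image": r"C:\Windows\System32\svchost.exe",
     "image_loaded": r"C:\Windows\System32\kernel32.dll", "sha256": "11" * 32},
    {"host": "ws-022", "image": r"C:\Users\Public\update.exe",
     "image_loaded": r"C:\Windows\System32\ntdll.dll",
     "sha256": "11F7BB37DD425150E6B095A8D1F3A347EE83E604302A4D9BB201900E74A81D73"},
    {"host": "ws-031", "image": r"C:\Tools\winnit.exe",
     "image_loaded": r"C:\Windows\System32\user32.dll", "sha256": "22" * 32},
]

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_EVENTS).items():
        print(host, reasons)
```

A hash match is the strongest of the three signals; the file name and DLL name pattern are triage hints that need confirmation on the host.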