A new version of MegaCortex ransomware has been found which is capable of changing the Windows password of the targeted system.
This new version of the ransomware changes the Windows password and threatens to publish the victim's files and sensitive information if the demanded ransom is not paid. MegaCortex is a targeted ransomware installed through network access provided by trojans such as Emotet. Once the ransomware actors gain access, they distribute the ransomware to machines on the network via an Active Directory controller.
When the MegaCortex launcher is executed, it extracts two DLL files and three CMD scripts to C:\Windows\Temp. These CMD files execute a series of commands that remove shadow volume copies and use the Cipher command to wipe all free space on the C: drive.
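The behaviours above (scripts launched from C:\Windows\Temp, shadow copy removal, free-space wiping with Cipher, and a local password change) can be correlated from process-creation telemetry. The following is an added detection example, not code from the article or from the ransomware; the events are constructed, and the literal command lines are assumed, since the write-up names the behaviours rather than the exact commands.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style process-creation events (not real telemetry).
# Host ws01 mimics the chain described above; ws02 is an admin running cipher alone.
EVENTS = [
    {"host": "ws01", "parent": "C:\\Windows\\Temp\\launcher.exe",
     "cmd": "cmd.exe /c C:\\Windows\\Temp\\1.cmd"},
    {"host": "ws01", "parent": "C:\\Windows\\System32\\cmd.exe",
     "cmd": "vssadmin delete shadows /all /quiet"},
    {"host": "ws01", "parent": "C:\\Windows\\System32\\cmd.exe",
     "cmd": "cipher /w:C:\\"},
    {"host": "ws01", "parent": "C:\\Windows\\System32\\cmd.exe",
     "cmd": "net user Administrator NewPassw0rd!"},
    {"host": "ws02", "parent": "C:\\Windows\\System32\\cmd.exe",
     "cmd": "cipher /w:D:\\"},
]

# One rule per behaviour from the write-up; the command-line patterns are
# assumptions (the article names the behaviours, not the literal commands).
RULES = {
    "shadow_copy_removal": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I),
    "free_space_wipe": re.compile(r"\bcipher(\.exe)?\s+/w:", re.I),
    # "net user <name> <password>"; also fires on "net user <name> /add", which is acceptable here
    "local_password_change": re.compile(r"\bnet1?(\.exe)?\s+user\s+\S+\s+\S+", re.I),
    "script_in_windows_temp": re.compile(r"c:\\windows\\temp\\\S+\.cmd\b", re.I),
}


def match_rules(event):
    """Return the set of rule names whose pattern matches this event's command line."""
    return {name for name, rx in RULES.items() if rx.search(event["cmd"])}


def score_hosts(events, threshold=2):
    """Collect distinct matched behaviours per host and flag a host only when
    at least `threshold` of them co-occur, so a lone 'cipher /w' run by an
    administrator on ws02 does not raise an alert on its own."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["host"]] |= match_rules(ev)
    return {host: sorted(rules) for host, rules in seen.items() if len(rules) >= threshold}


if __name__ == "__main__":
    for host, rules in score_hosts(EVENTS).items():
        print(f"ALERT {host}: {', '.join(rules)}")
```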
The ransom note threatens the targeted user by stating that their data has been copied to a secured location. The ransomware's claim that it copies victim files has not yet been verified. If the ransomware actors really are copying data, the victims would also be facing a data breach, which could cause serious harm.
Use NPAV and join us on a mission to secure the cyber world.