
Understanding the MegaCortex Ransomware


Security researchers recently discovered the MegaCortex ransomware, which targets corporate networks. Read on to learn how it spreads and how to respond to an infection.

A new strain of ransomware is infecting corporate networks through a complicated chain of events, with some infections beginning with stolen credentials for domain controllers inside target networks.

Security researchers at Sophos discovered a ransomware known as MegaCortex that is targeting corporate networks. MegaCortex attacks were already reported in the United States, Italy, Canada, France, the Netherlands, and Ireland. MegaCortex was first spotted in January when a sample of the ransomware was uploaded on the online scanning service VirusTotal.

“A new ransomware that calls itself MegaCortex got a jolt of life on Wednesday as we detected a spike in the number of attacks against Sophos customers around the world, including in Italy, the United States, Canada, the Netherlands, Ireland, and France. The attackers delivering this new malware campaign employed sophisticated techniques in the attempt to infect victims,” reads a blog post published by Sophos.

“The convoluted infection methodology MegaCortex employs leverages both automated and manual components, and appears to involve a high amount of automation to infect a greater number of victims.”

Security experts noticed a spike in the number of MegaCortex ransomware attacks last week, when they detected and halted 47 attacks. Since January this year, the overall number of attacks based on MegaCortex is 76. Some of the victims reported that their domain controllers had been compromised, which could be the first step of the attack.

About MegaCortex
Known as MegaCortex, the ransomware has a few interesting attributes, including its use of a signed executable as part of the payload, and an offer of security consulting services from the malware author. Researchers said the ransomware often is present on networks that already are infected with the Emotet and Qakbot malware, but are not sure whether those tools are part of the delivery chain for MegaCortex.

“Right now, we can’t say for certain whether the MegaCortex attacks are being aided and abetted by the Emotet malware, but so far in our investigation (which is still ongoing as this post goes live), there seems to be a correlation between the MegaCortex attacks and the presence on the same network of both Emotet and Qbot (aka Qakbot) malware.” continues the report.

To remove MegaCortex ransomware from an affected computer, or from the whole network, disconnect the PCs from the Internet and run a full system scan with a professional anti-virus product. If you go for a free tool, you risk picking up PUPs or more dangerous threats.

Make sure to learn about the features and potential risks of MegaCortex before attempting removal. Also, rely on file backups and data recovery software when trying to restore encrypted files; this should only be done after the system has been properly cleaned.

Automatic MegaCortex removal using anti-malware tools such as Reimage, Malwarebytes, or Plumbytes Anti-Malware has the advantage of also detecting other malware besides the cryptovirus and eliminating corrupted files and PUPs from the machine.

