A dangerous enterprise-focused ransomware, MegaCortex, has been retooled to become a weapon for wide-scale attacks.
Previously used only in manual, post-compromise campaigns against carefully selected targets, MegaCortex now has a second variant that adds automation to the kill chain. This gives the malware a path to much wider distribution, according to researchers at Accenture’s iDefense division.
The original version of MegaCortex protected its main payload with a custom password supplied by the adversary for each infection.
“The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a sequence of manual steps on each targeted network,” explained Leo Fernandes, senior manager of malware analysis and countermeasures at iDefense, in research shared with Threatpost. “The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation; the password is now hard-coded in the binary.”
Other upgrades in version 2.0 include anti-analysis features within the main malware module, and built-in functionality to automatically stop and kill a wide range of security products and services. Previously this step, too, was carried out manually, by running batch script files on each host, Fernandes said.
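Whether the service-killing sweep runs from a batch file or from code inside the binary, it leaves the same trace in process-creation telemetry: a burst of `net stop`, `sc stop`, `sc config ... start= disabled` and `taskkill` commands from one parent on one host within seconds. The heuristic below, written as an added example for this article and not code from iDefense or Threatpost, flags such bursts while ignoring an administrator stopping a single service. The pipe-delimited log format, the hostnames, the service names and the window/threshold values are constructed for illustration and are not taken from the research.

```python
"""Detect a burst of defence-tampering commands from a single parent process.

Added example for the MegaCortex article, not iDefense's or Threatpost's code.
Log format, hostnames, service names and thresholds are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A service/process name is either quoted ("Sophos Agent") or a bare token.
NAME = r'(?:"([^"]+)"|([^\s"/]+))'

# Command shapes used to stop, kill or permanently disable a service or process.
KILL_PATTERNS = [
    re.compile(r"\bnet1?(?:\.exe)?\s+stop\s+" + NAME, re.I),
    re.compile(r"\bsc(?:\.exe)?\s+stop\s+" + NAME, re.I),
    re.compile(r"\bsc(?:\.exe)?\s+config\s+" + NAME + r"\s+start=\s*disabled", re.I),
    re.compile(r"\btaskkill(?:\.exe)?\b.*?/im\s+" + NAME, re.I),
]

WINDOW = timedelta(minutes=5)   # assumption: a sweep completes within 5 minutes
THRESHOLD = 5                   # assumption: 5+ distinct targets is not admin noise

# Constructed sample telemetry: 'ISO-time|host|parent image|command line'.
SAMPLE_LOG = [
    # benign: an admin bouncing the print spooler
    "2019-11-20T09:12:01|WS-ADMIN|explorer.exe|net stop Spooler",
    "2019-11-20T09:12:30|WS-ADMIN|explorer.exe|net start Spooler",
    # suspicious: one cmd.exe on a file server disabling everything in sight
    '2019-11-20T10:00:00|SRV-FILE01|cmd.exe|net stop "Sophos Agent" /y',
    "2019-11-20T10:00:01|SRV-FILE01|cmd.exe|sc config SAVService start= disabled",
    "2019-11-20T10:00:02|SRV-FILE01|cmd.exe|net stop WinDefend /y",
    "2019-11-20T10:00:02|SRV-FILE01|cmd.exe|taskkill /F /IM MsMpEng.exe",
    "2019-11-20T10:00:03|SRV-FILE01|cmd.exe|sc stop MBAMService",
    "2019-11-20T10:00:04|SRV-FILE01|cmd.exe|net stop VSS /y",
    "not a well-formed line",
]


def parse_line(line):
    """Parse one record into a dict, or return None for a malformed line."""
    parts = line.strip().split("|", 3)
    if len(parts) != 4:
        return None
    ts, host, parent, cmd = parts
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return {"time": when, "host": host, "parent": parent, "cmd": cmd}


def kill_target(cmd):
    """Return the lower-cased name a command stops/kills/disables, else None."""
    for pat in KILL_PATTERNS:
        m = pat.search(cmd)
        if m:
            return (m.group(1) or m.group(2)).lower()
    return None


def find_kill_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Group tampering commands by (host, parent); report groups that hit the threshold.

    For each group the largest set of distinct targets seen inside any `window`
    is computed with a sliding window over time-sorted events. Returns a list of
    (host, parent, sorted targets) tuples. A lone 'net stop Spooler' never trips it.
    """
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        target = kill_target(rec["cmd"])
        if target:
            events[(rec["host"], rec["parent"])].append((rec["time"], target))

    hits = []
    for (host, parent), evs in events.items():
        evs.sort()
        best, start = set(), 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            targets = {t for _, t in evs[start:end + 1]}
            if len(targets) > len(best):
                best = targets
        if len(best) >= threshold:
            hits.append((host, parent, sorted(best)))
    return hits


if __name__ == "__main__":
    for host, parent, targets in find_kill_bursts(SAMPLE_LOG):
        print(f"{host}: {parent} tampered with {len(targets)} services: {', '.join(targets)}")
```

In production the command line would come from Sysmon Event ID 1 or Windows Security Event 4688 (with command-line auditing enabled) rather than a constructed text log, and the pattern list would be extended with the other stop-and-disable idioms seen in the environment; the grouping and windowing logic stays the same.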