A new version of the MegaCortex Ransomware has been discovered that not only encrypts your files, but now also changes the logged-in user's password and threatens to publish the victim's files if they do not pay the ransom.
For those not familiar with MegaCortex, it is a targeted ransomware installed through network access provided by trojans such as Emotet. Once the MegaCortex actors gain access, they push the ransomware out to machines on the network via an Active Directory controller or post-exploitation kits.
Significant changes in new MegaCortex version
In a new sample of the ransomware discovered by MalwareHunterTeam, reverse engineered by Vitali Kremez, and further analyzed by BleepingComputer, we see a new version of MegaCortex that has substantial changes from previous variants.