August 6, 2019 By David Bisson 2 min read

Threat actors released version 2.0 of MegaCortex ransomware and have equipped their threat with anti-analysis features, among other new capabilities.

In early August, Accenture revealed it had detected a new version of the MegaCortex ransomware family. This variant’s main malware module arrived with anti-analysis features that helped the threat evade detection. To further shield their creation, digital attackers outfitted the ransomware with the ability to kill security services’ functionality, a task that the original threat accomplished by manually executing batch script files on each infected host.

Those behind this newest variant also decided to no longer protect their ransomware using a custom password that was present only during infection. While this feature helped conceal the threat’s inner workings, it also prevented the ransomware from reaching a wider number of targets, as it required its handlers to manually execute a series of steps on each targeted network. The threat’s creators solved this problem in this newest version by hardcoding the password in the malware binary.

A Look Into MegaCortex’s History

MegaCortex hasn’t been around for very long; Trend Micro first spotted it targeting enterprise networks in May 2019. Even so, it’s distinguished itself from other ransomware families in that short period of time. It did this partly by incorporating aggressive language into its ransom notes to pressure victims into paying quickly, as reported by Bleeping Computer in July.

A successful attack against cloud-hosting firm iNSYNQ, as covered by the New Jersey Cybersecurity & Communications Integration Cell at the end of July, also contributed to this threat’s notoriety. It’s therefore no surprise that the actors behind MegaCortex are now demanding as much as $5.8 million in ransom for a successful attack, per Accenture’s findings.

How to Defend Against Ransomware Attacks

To help defend against MegaCortex and other ransomware attacks, organizations should invest in a user education program that’s designed to raise awareness of phishing attacks and other digital threats among employees. Security teams should also be sure to create a patching schedule for their vulnerabilities, as ransomware samples are the common payloads of exploit kits.

More from

Is the water safe? The state of critical infrastructure cybersecurity

4 min read - On September 25, CISA issued a stark reminder that critical infrastructure remains a primary target for cyberattacks. Vulnerable systems in industrial sectors, including water utilities, continue to be exploited due to poor cyber hygiene practices. Using unsophisticated methods like brute-force attacks and leveraging default passwords, threat actors have repeatedly managed to compromise operational technology (OT) and industrial control systems (ICS).Attacks on the industrial sector have been particularly costly. The 2024 IBM Cost of a Data Breach report found the average total…

Cybersecurity trends: IBM’s predictions for 2025

4 min read - Cybersecurity concerns in 2024 can be summed up in two letters: AI (or five letters if you narrow it down to gen AI). Organizations are still in the early stages of understanding the risks and rewards of this technology. For all the good it can do to improve data protection, keep up with compliance regulations and enable faster threat detection, threat actors are also using AI to accelerate their social engineering attacks and sabotage AI models with malware.AI might have…

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today