
Megac0rtx Ransomware

Posted: July 19, 2019

The Megac0rtx Ransomware is a file-locking Trojan that holds your documents and other media hostage through encryption. The Megac0rtx Ransomware campaigns are targeting high-value entities in the business sector, with ransom demands at tens of thousands of dollars. Backing up your server's contents to secure locations will protect it from the consequences of infections, and updated anti-malware products should safely eliminate the Megac0rtx Ransomware as a threat.

A Trojan with Lowly Language and High Expectations

The file-locking Trojan industry is getting a newcomer with particularly shocking expectations for how much profit it should make from its attacks. The Megac0rtx Ransomware, recently reverse-engineered by a New York-based PC security researcher, has no genealogical ties to past families like Hidden Tear, the Scarab Ransomware, or other entities in the same sector. Although its behavior is not especially distinctive, its demands and its manner of communicating with victims help it stand out from similar threats.

The Megac0rtx Ransomware's threat actors are targeting enterprise-level business entities through an as-yet-unknown infection vector, although multiple infections in the wild have been confirmed. Malware analysts have also confirmed the abuse of hijacked digital certificates belonging to legitimate companies, such as a United Kingdom-based pizza restaurant, as one of the disguising elements that help the Megac0rtx Ransomware evade detection by a majority of AV vendors.

The Megac0rtx Ransomware's defining attack is locking files by encrypting them, but it also has a small collection of supporting features. The Megac0rtx Ransomware appends a 'megac0rtx' extension to the names of the hostage files, auto-terminates unwanted processes (such as those belonging to security applications), and creates 'Read Me'-style text files carrying its ransom demands. The note's content is specific to the Megac0rtx Ransomware and includes demeaning and vulgar language, along with ransom demands ranging from the Bitcoin equivalent of twenty thousand dollars up to six million dollars.

Offloading the Responsibility of 'Mega' Payments to Someone Else

Everything about the Megac0rtx Ransomware implies attacks against businesses with significant cash resources for paying the sky-high ransoms that it demands. In such scenarios, malware researchers anticipate infection vectors from one of two sources:

  • Employees may compromise their systems by opening e-mail attachments or links that contain unsafe content, such as a document whose macros act as a drive-by-download exploit. Disabling macros, keeping critical software updated, and scanning downloads and links before interacting with them further will improve the chances of blocking or detecting a Trojan dropper.
  • Vulnerable servers can be compromised by remote attackers without any inside user's involvement. These attacks take advantage of default or brute-forced passwords like 'admin1234', or exploit software vulnerabilities to gain administrative access and credentials. Again, software security updates are essential defenses, along with unique and complex passwords for every account. Networks should also disable or lock down all remote administration features.

Anti-malware services are still developing appropriate heuristics and database entries for counteracting the Megac0rtx Ransomware. Install any database updates for your security software before attempting to remove the Megac0rtx Ransomware from a network.

The last thing any business needs is another group of criminals hoping that they can turn neglect of security protocols into money. At the prices that the Megac0rtx Ransomware is asking for, the cost of backup software and services is looking better than ever.
