A new variant of ransomware has been discovered, called MegaCortex, that is targeting enterprise networks and organizations. Once the environment is penetrated, the attackers infect it by distributing the ransomware using Windows domain controllers.

Researchers at Accenture iDefense described that operators behind the ransomware are focusing strictly on corporate targets to ensure large cash payouts. Being a new variant of ransomware, not much is currently known about its encryption algorithms (other than it’s been reported an RSA public key is hardcoded into the malware), how the network can actually be infiltrated, and whether the payments are actually being honored.

“With a hard-coded password and the addition of an anti-analysis component, third parties or affiliated actors could, in theory, distribute the ransomware without the need for an actor-supplied password for the installation,” the researchers say. “Indeed, potentially there could be an increase in the number of MegaCortex incidents if the actors decide to start delivering it through email campaigns or dropped as secondary stage by other malware families.”

How MegaCortex Strikes

The ransomware creates a ransom note named “!!!_READ_ME_!!!.txt” and contains information about the ransom as well as the email addresses to contact the attackers.

Ransomware aimed at enterprise and corporate networks continue to rise, not just because of the hope for larger payout, but because of centralized authentication making it easier for devices to spread the ransomware so quickly.

Using a tool like Syxsense can actively prevent breaches before they spread. Receive live, accurate, data from thousands of devices in under 10 seconds then instantly detect running .exes, malware or viruses and kill those processes before they spread.