It’s easy to forget that malware authors are regular human beings with hobbies and interests – not that different from their many victims, in fact.
Take the tendency to embed references to popular culture in malware – as the creator of a new type of ransomware called MegaCortex has done.
MegaCortex calls to mind the faceless software corporation Metacortex in cult sci-fi movie The Matrix.
In the case of the MegaCortex ransomware, anyone infected is confronted with a ransom note written in the style reminiscent of the Matrix character Morpheus:
Your companies (sic) cyber defense systems have been weighed, measured and have been found wanting. The breach is the result of grave neglect of security protocols.
And:
We can only show you the door. You’re the one who has to walk through it.
One moment, the defenders’ network looked secure. The next, as if out of nowhere, the ransom note popped up.
Strip away the movie allusion and MegaCortex is simply an example of how present-day ransomware attacks often unfold, where victims are selected in advance because of security holes the crooks have already spotted, or passwords they’ve already acquired.
For example, at least one of the attacks detected by SophosLabs in recent days used credentials stolen from a domain controller, underlining that the crooks spent time looking for those credentials to unleash what was effectively a targeted attack.
MegaCortex is a good example that ransomware isn’t going away, even if media attention has moved on to what look like bigger and badder attacks.
In recent months, we’ve covered several severe attacks, including one against a swathe of US newspapers that delayed their publication, and more recently, an attack against a hospital using the GandCrab malware.
Avoiding ending up as another statistic on the victim list takes some work, so please check out our anti-ransomware tips in our coverage of the once-widespread SamSam ransomware.
There no simple takeaway from this so much as lots of small ones that can make the difference. However, paying close attention to the security of privileged accounts is a good place to start.
As The Matrix’s Morpheus observed:
Believe me when I say we have a difficult time ahead of us. But if we are to be prepared for it, we must first shed our fear of it.
Sophos protects
Sophos Antivirus detects these samples as Bat/Agent-BBIY, Troj/Agent-BBIZ, Troj/Agent-BAWS, and Troj/Ransom-FJQ. Sophos Intercept X protects against MegaCortex ransomware.