42.1 F
Washington D.C.
Sunday, January 29, 2023

New Ransomware Suddenly Pops Up on Large Number of Enterprise Networks

A new ransomware that calls itself MegaCortex got a jolt of life on Wednesday as we detected a spike in the number of attacks against Sophos customers around the world, including in Italy, the United States, Canada, the Netherlands, and other countries. The attackers delivering this new malware campaign employed sophisticated techiques in the attempt to infect victims.

The convoluted infection methodology MegaCortex employs leverages both automated and manual components, and appears to involve a high amount of automation to infect a greater number of victims. In attacks we’ve investigated, the attackers used a common red-team attack tool script to invoke a meterpreter reverse shell in the victim’s environment. From the reverse shell, the infection chain uses PowerShell scripts, batch files from remote servers, and commands that only trigger the malware to drop encrypted secondary executable payloads (that had been embedded in the initial dropped malware) on specified machines.

The attack was triggered, in at least one victim’s environment, from a domain controller inside an enterprise network whose administrative credentials the attacker seems to have obtained, in what appears to be a hands-on break in

Read more at Sophos

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles