MegaCortex

Malware Profile Updated a month ago
MegaCortex is ransomware known for the damage it does to computer systems and devices. Dragos, a cybersecurity firm, identified a relationship between MegaCortex and another ransomware family, EKANS. Both families show characteristics that pose risks to industrial operations not previously observed in ransomware operations, and both represent hardened ransomware variants able to disrupt operations, steal personal information, or hold data hostage for ransom.

Over the years, MegaCortex has been used in numerous cyberattacks that paralyzed the operations of major corporations. Alongside MegaCortex, the same cybercriminals deployed other ransomware families, including LockerGoga, Hive, and Dharma, targeting large corporations in 71 countries and causing losses of several hundred million euros. Qakbot, also known as Qbot and Pinkslipbot, served as the initial infection vector for several ransomware gangs, including those using MegaCortex. After remaining undetected in compromised systems for months, the criminals would deploy ransomware and present victims with a ransom note demanding payment in Bitcoin in exchange for decryption keys.

There has, however, been some success in combating MegaCortex and similar ransomware. Last year, decryptors for the BlackCat, Hive, and MegaCortex ransomware variants were released, giving victims a way to recover encrypted files without paying a ransom. In addition, Swiss authorities, together with No More Ransom and the cybersecurity firm Bitdefender, developed decryption tools for the LockerGoga and MegaCortex variants. This progress followed the arrest in Ukraine of five members of a group accused of using ransomware strains including Hive, LockerGoga, MegaCortex, and Dharma in attacks that netted them hundreds of millions of dollars.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so listed here are possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Ransom
Associated Malware
ID | Type | Votes | Profile Description
LockerGoga | Unspecified | 7 | LockerGoga is a type of malware, specifically ransomware, known for its disruptive capabilities. It was notably deployed at Norsk Hydro in March 2019, causing significant operational disruption. LockerGoga differentiates itself from other types of ransomware such as EKANS due to its destructive natu
Hive | Unspecified | 4 | Hive is a malicious software, or malware, known for its disruptive capabilities and widespread damage. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data h
REvil | Unspecified | 4 | REvil, also known as Sodinokibi, is a notorious malware that gained prominence due to its harmful impact on computer systems and data. It operates under the Ransomware as a Service (RaaS) model, which saw a significant rise in popularity throughout 2020. The malware typically infects systems via sus
QakBot | Unspecified | 3 | Qakbot, also known as QBot, is a versatile and malicious software that can perform various harmful actions such as brute-forcing, web injects, and loading other malware. It is used to steal credentials and gather sensitive information. The malware is built by different groups including IcedID, Emote
Black Basta | Unspecified | 3 | Black Basta is a malicious software (malware) known for its disruptive activities in the cyber world. This Russian-speaking ransomware-as-a-service group has been operational since early 2022, with an estimated accumulation of at least $107 million in Bitcoin ransom payments. The malware primarily i
Egregor | Unspecified | 2 | Egregor is a variant of the Sekhmet ransomware and operates as Ransomware-as-a-Service (RaaS). It emerged in 2020, suspected to be from former Maze affiliates. Known for its double extortion tactics, Egregor publicly shames its victims by leaking sensitive data if the ransom isn't paid. In one notab
Qbot | Unspecified | 2 | Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the MegaCortex malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | EKANS Ransomware and ICS Operations | Dragos
Bitdefender | a year ago | Bitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor
Checkpoint | a year ago | 9th January – Threat Intelligence Report - Check Point Research
MITRE | a year ago | Ransomware 2020: Attack Trends Affecting Organizations Worldwide
Securityaffairs | a year ago | New QBot campaign delivered hijacking business correspondence
MITRE | a year ago | Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families | Mandiant
Securityaffairs | 6 months ago | International police operation dismantled prominent Ukraine-based Ransomware group
MITRE | a year ago | ITG08 (aka FIN6) Partners With TrickBot Gang, Uses Anchor Framework
CERT-EU | a year ago | Microsoft, Fortra go after Cobalt Strike-abusing gangs
DARKReading | 6 months ago | Ringleader of Prolific Ransomware Gang Arrested in Ukraine
CERT-EU | 9 months ago | Free Decryptor Available for ‘Key Group’ Ransomware
InfoSecurity-magazine | 6 months ago | Ukraine Police Dismantle Major Ransomware Group
CERT-EU | 5 months ago | The law enforcement operations targeting cybercrime in 2023
CERT-EU | 6 months ago | Ringleader of Ransomware Group in Ukraine Arrested: Europol
BankInfoSecurity | 6 months ago | Police Bust Suspected Ransomware Group Ringleader in Ukraine
CERT-EU | 6 months ago | Europol shutters ransomware operation with kingpin arrests
BankInfoSecurity | 9 months ago | Operation 'Duck Hunt' Dismantles Qakbot
CERT-EU | 9 months ago | FBI brings down massive botnet that infected more than 700,000 computers
CERT-EU | 9 months ago | Qakbot botnet dismantled after infecting over 700,000 computers
CERT-EU | 9 months ago | Qakbot Cracked: FBI and Friends Hack the Hackers