MegaCortex

Malware updated 22 days ago (2024-11-29T14:15:30.504Z)

Download STIX

Preview STIX

MegaCortex is a type of malware known for its harmful effects on computer systems and devices. It was identified by Dragos, a cybersecurity firm, as having a relationship with another ransomware called EKANS. Both MegaCortex and EKANS have specific characteristics that pose unique risks to industrial operations not previously observed in ransomware operations. They represent hardened ransomware variants that can disrupt operations, steal personal information, or hold data hostage for ransom. Over the years, MegaCortex has been used in various cyberattacks, paralyzing major corporations' operations. In addition to MegaCortex, other ransomware such as LockerGoga, Hive, and Dharma were also deployed by cybercriminals to carry out their attacks. These criminals targeted large corporations in 71 countries, causing losses of several hundred million euros. Qakbot, also known as Qbot and Pinkslipbot, served as an initial infection vector for various ransomware gangs, including those using MegaCortex. After remaining undetected in compromised systems for months, these criminals would deploy different types of ransomware and present a ransom note to the victims, demanding payment in Bitcoin in exchange for decryption keys. However, there has been some success in combating MegaCortex and similar ransomware. Last year, decryptors for BlackCat, Hive, and MegaCortex ransomware variants were released, providing a means to recover encrypted files without paying a ransom. Additionally, Swiss authorities, along with No More Ransom and cybersecurity firm Bitdefender, developed decryption tools for LockerGoga and MegaCortex ransomware variants. This progress followed the arrest in Ukraine of five members of a group accused of using ransomware strains like Hive, LockerGoga, MegaCortex, and Dharma in attacks that netted them hundreds of millions of dollars.

Description last updated: 2024-05-04T16:05:06.236Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Malware

Ransom

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The LockerGoga Malware is associated with MegaCortex. LockerGoga is a type of malware, specifically ransomware, that infiltrates computer systems and holds data hostage until a ransom is paid. This malicious software was notably deployed in an attack against Norsk Hydro in March 2019. The malware was distributed by the threat group FIN6, which traditio	Unspecified	7
The Hive Malware is associated with MegaCortex. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag	Unspecified	4
The REvil Malware is associated with MegaCortex. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th	Unspecified	4
The QakBot Malware is associated with MegaCortex. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope	Unspecified	3
The Black Basta Malware is associated with MegaCortex. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses	Unspecified	3
The Egregor Malware is associated with MegaCortex. Egregor is a malicious software variant of the Sekhmet ransomware that operates on a Ransomware-as-a-Service (RaaS) model. It is speculated to be associated with former Maze affiliates, and is notorious for its double extortion tactics, which involve not only encrypting the victim's data but also pu	Unspecified	2
The Qbot Malware is associated with MegaCortex. Qbot, also known as Qakbot or Pinkslipbot, is a sophisticated malware that initially emerged in 2007 as a banking trojan. It has since evolved into an advanced strain used by various cybercriminal groups to infiltrate networks and prepare them for ransomware attacks. The first known use of an ITG23	Unspecified	2

Source Document References

Information about the MegaCortex Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Decryptor Issued For Babuk Tortilla Ransomware Variant \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	The law enforcement operations targeting cybercrime in 2023
CERT-EU	a year ago	More than $100 million in ransom paid to Black Basta gang over nearly 2 years \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
DARKReading	a year ago	Ringleader of Prolific Ransomware Gang Arrested in Ukraine
Securityaffairs	a year ago	International police operation dismantled prominent Ukraine-based Ransomware group
CERT-EU	a year ago	Ringleader of Ransomware Group in Ukraine Arrested: Europol
CERT-EU	a year ago	Europol shutters ransomware operation with kingpin arrests
BankInfoSecurity	a year ago	Police Bust Suspected Ransomware Group Ringleader in Ukraine
InfoSecurity-magazine	a year ago	Ukraine Police Dismantle Major Ransomware Group
CERT-EU	a year ago	Qakbot Takedown Resembles Hack Back, Will Botnet, Malware Be Resurrected?
CERT-EU	a year ago	Operation Duck Hunt: Multinational Operation Dismantles Qakbot Botnet - IT Governance USA Blog
CERT-EU	a year ago	Free Decryptor Available for ‘Key Group’ Ransomware
CERT-EU	a year ago	Qakbot Botnet Disrupted, Infected 700,000 Computers Globally
CERT-EU	a year ago	Qakbot Cracked: FBI and Friends Hack the Hackers
InfoSecurity-magazine	a year ago	FBI-Led Operation Duck Hunt Shuts Down QakBot Malware
CERT-EU	a year ago	FBI and European partners dismantle global malware network
CERT-EU	a year ago	International police operation dismantles notorious Quakbot botnet
Flashpoint	a year ago	COURT DOC: Qakbot Malware Disrupted in International Cyber Takedown
CERT-EU	a year ago	Multinational Operation Disrupts QakBot Botnet
CERT-EU	a year ago	How the FBI nuked Qakbot malware from infected Windows PCs