New wave of ransomware infections hits European, Asian and US companies. It is MegaCortex and it is inspired by the Matrix
Among the many types of viruses circulating on the Internet there is a whole category, the so-called ransomware, specialized in trying to blackmail unsuspecting users by threatening them with dire consequences if they do not immediately pay an amount of money (usually in Bitcoin). Often the consequence of non-payment is the loss of all data, which has been previously encrypted by the virus to make it unreadable.
The latest ransomware to catch the attention of experts in the field is called "MegaCortex" and has a peculiarity that makes it unique: it is inspired by the Matrix trilogy and, in particular, by the key scene in which Morpheus (Laurence Fishburne) tells Neo (Keanu Reeves) "I can take you to the threshold, but you have to go through the door yourself". The details of how this ransomware works were disclosed by cybersecurity firm Sophos, which, as of May 1, detected MegaCortex attacks in the United States, Canada, Argentina, Italy, the Netherlands, France, Ireland, Hong Kong, Indonesia and Australia.
How MegaCortex, the Matrix-inspired ransomware, works
Apparently, a MegaCortex infection, which targets computers in corporate networks, almost always stems from a pre-existing infection, usually by the Emotet or Qbot viruses. These are two pieces of malware engineered precisely to distribute other viruses. A computer that gets infected with MegaCortex shows the user a message that says "Your companies' cyber defense systems have been evaluated, measured and found wanting. The breach is the result of gross negligence of security protocols. I can lead you to the threshold, but you have to walk through the door yourself."
The ransomware tells the victim that the files on the infected computer have been encrypted and that, in order to unlock them, an email must be sent to a specific address, from which an executable file will be sent that, upon payment of the ransom, will allow decrypting the hard drive.
How to defend yourself against MegaCortex ransomware
At the moment, no MegaCortex attacks have been reported outside of PCs within large corporate networks. But, as always, one can never take too many precautions, so it is worth recalling some security measures that are useful for everyone.
First of all, since MegaCortex often enters the PC via Emotet or Qbot, a thorough antivirus scan is the starting point for closing any entry points for the ransomware. Then, since MegaCortex in many cases manages to steal the system administrator's password, it is useful to enable two-factor authentication. Finally, to avoid having to pay a ransom to regain access to your data, it is essential to have constantly updated backups of at least the most important data on all PCs connected to the network.