FBI issues guidance on the LockerGoga and MegaCortex ransomware


Both ransomware families target enterprises by compromising the network and then attempting to encrypt all of its devices.
The threat actors gain a foothold on a corporate network using exploits, phishing attacks, SQL injections, and stolen login credentials.

The Federal Bureau of Investigation (FBI) has issued an alert to warn private industries about LockerGoga and MegaCortex ransomware infections. Both ransomware families target enterprises by compromising a network and then attempting to encrypt all of its devices.


What does the alert say?


As reported by Bleeping Computer, an FBI Flash Alert has warned private industries regarding the two ransomware infections and how they attack a network.


"Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga,” the FBI alert notes.


The actors behind LockerGoga and MegaCortex gain a foothold on a corporate network using exploits, phishing attacks, SQL injections, and stolen login credentials.


Upon compromising a network, the threat actors install the penetration testing tool called Cobalt Strike. This tool allows the attackers to deploy beacons on a compromised device to create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.


The threat actors maintain persistence on the network for months before they deploy ransomware. During the ransomware deployment, the actors first check for processes and services related to security programs. If any are found, they are disabled before the infection process proceeds.


Since both of these ransomware infections use a secure encryption algorithm, it is ..
