MegaCortex Redesign Signals $5.8m Challenge to Firms

A new version of Matrix-themed ransomware MegaCortex is targeting organizations with demands of up to $5.8m to regain access to their encrypted data, according to Accenture researchers.

In version two, the authors have improved automation and usability and made it harder to stop, according to Leo Fernandes, senior manager of the firm’s iDefense Malware Analysis and Countermeasures (MAC) team.

One major change is the removal of the password requirement at installation: the password that previously had to be supplied at run time is now hard-coded into the binary.

“The original version of MegaCortex had its main payload protected by a custom password that was only available during a live infection. As a result, this feature made the malware difficult for security vendors to analyze,” he explained.

“However, the password requirement also prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a sequence of manual steps on each targeted network.”

The ransomware has also been redesigned to self-execute, and there are some new anti-analysis features in the main module, as well as a more streamlined way to “stop and kill a wide range of security products and services.” These no longer need to be manually executed as batch script files on each host.
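Defenders can look for the behaviour described above rather than for the binary. The following is an added example, not code from the Accenture report or from MegaCortex: a small Python detection run over constructed process-creation log lines (Sysmon Event ID 1 style fields, simplified to host, timestamp and command line) that flags any host issuing a burst of service-stop, service-disable and process-kill commands within a short window. The service and process names in the sample data are hypothetical placeholders, not MegaCortex indicators, and the burst threshold and window size are assumptions to be tuned against the environment's baseline, since administrators also stop services one at a time.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (host, ISO timestamp, command line).
# Service and process names are hypothetical placeholders, not real IOCs.
SAMPLE_EVENTS = [
    ("WS01", "2019-11-01T09:00:01", r"C:\Windows\System32\net.exe stop ExampleAVService /y"),
    ("WS01", "2019-11-01T09:00:02", r"C:\Windows\System32\sc.exe stop ExampleEDRAgent"),
    ("WS01", "2019-11-01T09:00:02", r"C:\Windows\System32\sc.exe config ExampleEDRAgent start= disabled"),
    ("WS01", "2019-11-01T09:00:03", r"C:\Windows\System32\taskkill.exe /F /IM exampleav.exe"),
    ("WS01", "2019-11-01T09:00:04", r"C:\Windows\System32\net1 stop ExampleBackupSvc /y"),
    ("WS01", "2019-11-01T09:00:05", r"powershell.exe -Command Stop-Service -Name ExampleMonitor -Force"),
    # A lone, legitimate-looking service restart by an administrator: should not alert.
    ("WS02", "2019-11-01T10:15:00", r"C:\Windows\System32\net.exe stop Spooler"),
    ("WS02", "2019-11-01T10:40:00", r"C:\Windows\System32\net.exe start Spooler"),
    # Ordinary user activity: should not match at all.
    ("WS03", "2019-11-01T11:00:00", r"C:\Windows\System32\notepad.exe C:\Users\bob\notes.txt"),
]

# Command shapes used to stop, disable or kill services and processes from a script.
# Assumed patterns for illustration; extend with the tooling seen in your own telemetry.
KILL_PATTERNS = [
    re.compile(r"\bnet1?(\.exe)?\s+stop\b", re.I),                 # net stop / net1 stop
    re.compile(r"\bsc(\.exe)?\s+(stop|delete)\b", re.I),           # sc stop / sc delete
    re.compile(r"\bsc(\.exe)?\s+config\b.*start=\s*disabled", re.I),  # sc config ... start= disabled
    re.compile(r"\btaskkill(\.exe)?\b.*(/f|/im)", re.I),           # taskkill /F /IM ...
    re.compile(r"\bStop-Service\b", re.I),                         # PowerShell Stop-Service
]


def is_kill_command(cmdline):
    """True if the command line matches one of the stop/disable/kill shapes."""
    return any(p.search(cmdline) for p in KILL_PATTERNS)


def find_kill_bursts(events, window_seconds=60, threshold=5):
    """Return {host: [command lines]} for every host that issued at least
    `threshold` matching commands inside any `window_seconds` window.
    Threshold and window are assumptions; tune them per environment."""
    per_host = defaultdict(list)
    for host, ts, cmd in events:
        if is_kill_command(cmd):
            per_host[host].append((datetime.fromisoformat(ts), cmd))

    hits = {}
    window = timedelta(seconds=window_seconds)
    for host, items in per_host.items():
        items.sort(key=lambda x: x[0])
        for i in range(len(items)):
            j = i
            # Advance j while the j-th event still falls inside the window opened at i.
            while j < len(items) and items[j][0] - items[i][0] <= window:
                j += 1
            if j - i >= threshold:
                hits[host] = [c for _, c in items[i:j]]
                break
    return hits


if __name__ == "__main__":
    for host, cmds in find_kill_bursts(SAMPLE_EVENTS).items():
        print(f"[ALERT] {host}: {len(cmds)} service/process kill commands in one window")
        for c in cmds:
            print("   ", c)
```

The per-host burst count is what separates this from a noisy single-command rule: one `net stop` is routine administration, while a dozen stop, disable and kill commands from one host within seconds is the pattern an automated pre-encryption routine leaves behind, whether it runs from a batch file or from inside the main module.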

“The changes in version two suggest that the malware authors traded some security for ease of use and automation. With a hard-coded password and the addition of an anti-analysis component, third parties or affiliated actors could, in theory, distribute the ransomware without the need for an actor-supplied password for the installation.”