Ransomware Used in Multimillion-Dollar Attacks Gets More Automated

The authors of MegaCortex appear to have traded security for convenience and speed, say researchers at Accenture iDefense.

The authors of MegaCortex, a ransomware tool that was used recently in costly attacks against organizations in North America and Europe, have tweaked the malware to make it even more dangerous.


Researchers from Accenture iDefense this week said they have spotted a new version of the ransomware with features that make it harder to detect and easier for attackers to deploy on compromised networks.


Like the first version of MegaCortex that surfaced earlier this year, the new one is designed for use in manual, post-exploitation, targeted attacks. However, the authors have made some changes to the malware that suggest they have traded security for automation and ease of use, according to a report from Accenture iDefense.


For instance, the original MegaCortex malware required a password in order to decrypt and load the final payload. Attackers needed to install the ransomware on a compromised network via a series of manual steps and use a custom password that would become available only during a live infection.


This made it very hard for security researchers to analyze and reverse engineer the malware. "The password was heavily encoded and encrypted. Thus, brute-forcing the password to run the malware was not a feasible approach," says Leo Fernandes, senior manager of the Accenture iDefense Malware Analysis and Countermeasures (MAC) team.


At the same time, the password requirement also limited attackers' ability to deploy MegaCortex widely, Fernandes says. With the second version, the malware authors have removed the need for a password at installation time and have instead hard-coded a password in the binary. "The new ..
