FBI flash alert warns of LockerGoga and MegaCortex Ransomware attacks

The FBI has issued a warning to the private industry of cyber attacks involving the LockerGoga and MegaCortex Ransomware.

The FBI is warning the private industry of cyber attacks involving the LockerGoga and MegaCortex Ransomware.

“In an FBI Flash Alert marked as TLP:Amber and seen by BleepingComputer, the FBI is warning the private industry regarding the two ransomware infections and how they attack a network.” reported BleepingComputer.

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.” reads the Flash Alert released by the FBI.

Threat actors leverage multiple techniques to compromise network of private organizations and deliver the LockerGoga and MegaCortex ransomware.

Feds remind that both ransomware implements a secure encryption algorithm that means it impossible to decrypt the files without paying the ransom.

According to the alert, attackers leverage exploits, phishing attacks, credential stuffing to deliver the malware.

Once attackers have compromised the target network, they will deploy the post-exploitation tool Cobalt Strike.

Experts believe the attackers deploy such kind of tools to exfiltrate data or to deliver additional malware, recently we reported that victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom. In t

The FBI states the attackers attempt to terminate any process associated with security solutions by executing a kill.bat or stop.bat batch file. The batch files also disable Windows Defender scanning features.

The threat actors behind these ransomware attacks also use a variety of LOLBins and legitimate software such as 7-Zip, PowerShell scripts, wmic, nslookup, adfind.exe, mstds.exe, Mimikatz, Ntsdutil.exe, and massscan.exe.

The FBI offers guidance and mitigation advise that business owners should utilize to minimize their risk to the LockerGoga and MegaCortex ransomware.

The FBI recommends organizations to backup thier data regularly, to keep offline the backups to avoid that ransomware will encrypt them, and to periodically verify the integrity of the backup process.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – MegaCortex ransowmare, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.