The FBI is warning the private industry of cyber attacks involving the LockerGoga and MegaCortex Ransomware.
“In an FBI Flash Alert marked as TLP:Amber and seen by BleepingComputer, the FBI is warning the private industry regarding the two ransomware infections and how they attack a network.” reported BleepingComputer.
“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.” reads the Flash Alert released by the FBI.
Threat actors leverage multiple techniques to compromise network of private organizations and deliver the LockerGoga and MegaCortex ransomware.
Feds remind that both ransomware implements a secure encryption algorithm that means it impossible to decrypt the files without paying the ransom.
According to the alert, attackers leverage exploits, phishing attacks, credential stuffing to deliver the malware.
Once attackers have compromised the target network, they will deploy the post-exploitation tool Cobalt Strike.
Experts believe the attackers deploy such kind of tools to exfiltrate data or to deliver additional malware, recently we reported that victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.
This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom. In t
The FBI states the attackers attempt to terminate any process associated with security solutions by executing a kill.bat or stop.bat batch file. The batch files also disable Windows Defender scanning features.
The threat actors behind these ransomware attacks also use a variety of LOLBins and legitimate software such as 7-Zip, PowerShell scripts, wmic, nslookup, adfind.exe, mstds.exe, Mimikatz, Ntsdutil.exe, and massscan.exe.
The FBI offers guidance and mitigation advise that business owners should utilize to minimize their risk to the LockerGoga and MegaCortex ransomware.
The FBI recommends organizations to backup thier data regularly, to keep offline the backups to avoid that ransomware will encrypt them, and to periodically verify the integrity of the backup process.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – MegaCortex ransowmare, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.