“In an FBI Flash Alert marked as TLP
“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.” reads the Flash Alert released by the FBI.
Threat actors leverage multiple techniques to compromise network of private organizations and deliver the LockerGoga and MegaCortex ransomware.
Feds remind that both ransomware implements a secure encryption algorithm that means
According to the alert, attackers leverage exploits, phishing attacks, credential stuffing to deliver the malware.
Once attackers have compromised the target network, they will deploy the post-exploitation tool Cobalt Strike.
Experts believe the attackers deploy such kind of tools to
This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom. In t
The FBI states the attackers attempt to terminate any process associated with security solutions by executing a kill.bat or
The threat actors behind these ransomware attacks also use a variety of LOLBins and legitimate software such
The FBI offers guidance and mitigation advise that business owners should utilize to minimize their risk to the LockerGoga and MegaCortex ransomware.
The FBI recommends organizations to backup
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.