FBI flash alert warns of LockerGoga and MegaCortex Ransomware attacks

Pierluigi Paganini December 24, 2019

The FBI has issued a warning to the private industry of cyber attacks involving the LockerGoga and MegaCortex Ransomware.

The FBI is warning the private industry of cyber attacks involving the LockerGoga and MegaCortex Ransomware.

“In an FBI Flash Alert marked as TLP:Amber and seen by BleepingComputer, the FBI is warning the private industry regarding the two ransomware infections and how they attack a network.” reported BleepingComputer.

“Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga.” reads the Flash Alert released by the FBI.

Threat actors leverage multiple techniques to compromise network of private organizations and deliver the LockerGoga and MegaCortex ransomware.

Feds remind that both ransomware implements a secure encryption algorithm that means it impossible to decrypt the files without paying the ransom.

According to the alert, attackers leverage exploits, phishing attacks, credential stuffing to deliver the malware.

Once attackers have compromised the target network, they will deploy the post-exploitation tool Cobalt Strike.

Experts believe the attackers deploy such kind of tools to exfiltrate data or to deliver additional malware, recently we reported that victims of the Maze Ransomware are facing another risk, after having their data encrypted now crooks are threatening to publish their data online.

This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom. In t

The FBI states the attackers attempt to terminate any process associated with security solutions by executing a kill.bat or stop.bat batch file. The batch files also disable Windows Defender scanning features.

The threat actors behind these ransomware attacks also use a variety of LOLBins and legitimate software such as 7-Zip, PowerShell scripts, wmic, nslookup, adfind.exe, mstds.exe, Mimikatz, Ntsdutil.exe, and massscan.exe.

The FBI offers guidance and mitigation advise that business owners should utilize to minimize their risk to the LockerGoga and MegaCortex ransomware.

The FBI recommends organizations to backup thier data regularly, to keep offline the backups to avoid that ransomware will encrypt them, and to periodically verify the integrity of the backup process.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – MegaCortex ransowmare, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment