MegaCortex

MegaCortex is a ransomware variant employs both automated and manual components in the attempt to infect victims. Threat actors use a common red-team attack tool script to invoke a meterpreter reverse shell in the victim’s environment. Then the infection chain uses PowerShell scripts, batch files from remote servers, and commands that only trigger the malware to drop encrypted secondary executable payloads on specified machines.

Technical Details and Reporting

  • Sophos provides details of this ransomware variant here.

megacortex-ransom-note-black-obs-1.png