Security recommendations from the FBI in response to LockerGoga and MegaCortex malware
LockerGoga and MegaCortex are currently two of the ransomware strains that caused the biggest damage in 2019.
LockerGoga and MegaCortex are currently two of the ransomware strains that caused the biggest damage in 2019, with a series of large-scale attack campaigns worldwide causing tens of millions of dollars in damage. Both strains tend to be used by professional cybercriminal organizations and are aimed primarily at businesses, the targets from which they can extract the most ransom.
In response to this situation, the US Federal Bureau of Investigation (FBI) recently issued an "FBI Flash Alert" warning about the threat from LockerGoga and MegaCortex and describing how they operate, specifically as follows:
- LockerGoga and MegaCortex are spread mainly by exploiting system vulnerabilities, phishing attacks, SQL injection and the use of stolen login credentials.
- Once inside a system, the attackers install the penetration testing tool Cobalt Strike. This tool lets them execute PowerShell scripts, escalate privileges and deploy reconnaissance tooling on the victim's systems.
- The attackers remain in the victim's system for a long time, until they understand its specifics, and only then deploy the ransomware.
- Before deploying the ransomware, the attackers first enumerate the processes and services belonging to security software. If any security tools or programs are found on the victim's system, they attempt to disable them completely.
- Both ransomware families use strong encryption algorithms, so it is practically impossible for victims to decrypt their files without paying.
FBI recommendations
The FBI recommends the following guidelines to minimize the risk posed by LockerGoga and MegaCortex:
- Ensure that the software and operating system of every device on the network are updated to the latest version.
- Apply additional authentication methods and strong passwords to counter phishing, theft of login credentials and other fraudulent activity.
- Monitor all remote servers to prevent an attacker from gaining access to the internal network.
- Scan for open ports on the network and be ready to cut off access when necessary.
- Disable SMBv1, because the protocol contains many vulnerabilities and weaknesses.
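As an added example that is not part of the FBI alert or this article, the read-only PowerShell audit below checks three of the recommendations on a single Windows host: whether SMBv1 is still enabled, which processes are listening on TCP ports, and whether the security services that these attackers are known to disable are stopped or set to Disabled. The list of service names is an assumption and should be extended with the service name of whatever EDR product is deployed.

```powershell
# Added example: audit-only hardening check for a Windows host (run elevated).
# Nothing here changes configuration; remediation cmdlets are named in comments.

# 1. SMBv1 (FBI: disable it). Check both the SMB server setting and the
#    optional feature, because either one being on leaves SMBv1 reachable.
$smbCfg  = Get-SmbServerConfiguration
$smbFeat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
$smb1On  = $smbCfg.EnableSMB1Protocol -or ($smbFeat.State -eq 'Enabled')
"== SMBv1 =="
[pscustomobject]@{
    Check  = 'SMBv1 enabled'
    Result = $smb1On
    # Remediation if Result is True:
    #   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    #   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
} | Format-Table -AutoSize

# 2. Open ports (FBI: scan for open ports). List every listening TCP socket
#    with the owning process so unexpected listeners stand out for review.
"== Listening TCP ports =="
Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $_.OwningProcess
            Process = $proc.ProcessName
        }
    } | Format-Table -AutoSize

# 3. Security services. The alert notes the attackers disable security tools
#    before encrypting, so flag any of these that is not running or is Disabled.
#    Service names are an assumption; add your EDR's service name here.
$securityServices = 'WinDefend', 'Sense', 'MpsSvc', 'wscsvc', 'EventLog'
"== Security services =="
foreach ($name in $securityServices) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }   # service not present on this host
    $flag = ($svc.Status -ne 'Running') -or ($svc.StartType -eq 'Disabled')
    [pscustomobject]@{
        Service   = $name
        Status    = $svc.Status
        StartType = $svc.StartType
        Review    = $flag
    }
} | Format-Table -AutoSize
```

A `True` in the `Review` column, or a listening port owned by a process nobody can account for, is what to investigate first; the same check run on a schedule and shipped to a SIEM gives an early signal of the "disable security tools" step described above.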