FBI warns of LockerGoga and MegaCortex ransomware attacks


The FBI is alerting private industry to the dangerous threat from LockerGoga and MegaCortex ransomware.

In these attacks, the intruders compromise an organization’s network and then deploy malware that encrypts every device on it. They then demand a large ransom to decrypt the enterprise’s data.

According to Bleeping Computer, the FBI’s alert states, “Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands.”

What to expect during an attack

Attackers gain access to a network through exploits, phishing, SQL injection, and stolen login credentials. They also frequently use Cobalt Strike, a penetration-testing toolkit, once inside.

Once a network is compromised, the attackers usually linger for months before deploying ransomware. While inside the organization’s network, they exfiltrate data, deploy information-stealing trojans, and damage workstations and servers.

After anything of value has been taken from the network, the attackers begin encrypting its devices with the LockerGoga or MegaCortex ransomware. During the ransomware attack, a kill.bat or stop.bat batch file is executed that shuts down security programs and related services.

What to do to minimize risk

The FBI recommends that organizations keep up-to-date backups stored offline, so that all systems can be restored from them after an attack.

The FBI’s additional guidance includes:

  • Prevent vulnerabilities from being exploited by keeping installed software and operating systems updated
  • Enable two-factor authentication and require strong passwords to blunt phishing, stolen credentials, and other login weaknesses
  • Audit logs for all remote connection protocols and for the creation of new accounts
  • Block access to open or listening ports on the network
  • Disable the SMBv1 protocol, as it contains numerous vulnerabilities
  • Check Active Directory and administrator group changes for unauthorized users
  • Use the most up-to-date PowerShell, enable logging, and monitor for unusual commands, especially Base64-encoded ones
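An added example (not from the article or the FBI alert) of the last two points above: triaging process command lines for base64-encoded PowerShell and for the kill.bat / stop.bat files the alert describes. Using Windows Security event 4688 or Sysmon event 1 as the source of the command lines is my assumption, and every sample line is constructed.

```python
import base64
import binascii
import re

# Assumed log source: Windows event 4688 / Sysmon event 1 record the full process
# command line. powershell.exe accepts any unambiguous prefix of -EncodedCommand
# (-e, -enc, ...), so list every prefix, longest first, case-insensitively.
_FULL_FLAG = "encodedcommand"
_ENC_FLAG_RE = re.compile(
    r"(?i)(?:^|\s)-(?:" + "|".join(_FULL_FLAG[:n] for n in range(len(_FULL_FLAG), 0, -1))
    + r")\s+([A-Za-z0-9+/=]+)"
)
_POWERSHELL_RE = re.compile(r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b")
_KILL_BAT_RE = re.compile(r"(?i)\b(?:kill|stop)\.bat\b")

def decode_encoded_command(blob: str):
    """-EncodedCommand carries base64 of UTF-16LE text; return None if malformed."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return None

def triage_command_line(cmdline: str):
    """Return a finding for one command line, or None if nothing stands out."""
    reasons, decoded = [], None
    if _POWERSHELL_RE.search(cmdline):
        match = _ENC_FLAG_RE.search(cmdline)
        if match:
            decoded = decode_encoded_command(match.group(1))
            reasons.append("powershell_encoded_command" if decoded is not None
                           else "powershell_encoded_command_undecodable")
    if _KILL_BAT_RE.search(cmdline):
        reasons.append("security_kill_switch_batch_file")
    return {"command_line": cmdline, "reasons": reasons, "decoded": decoded} if reasons else None

def triage_log(lines):
    """Keep only the command lines that produced a finding."""
    return [f for f in (triage_command_line(line) for line in lines) if f]

def _encode(script: str) -> str:  # encodes constructed samples the way PowerShell expects
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample command lines (not taken from any real incident).
SAMPLE_COMMAND_LINES = [
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File C:\scripts\backup.ps1',  # benign
    "powershell.exe -nop -w hidden -EncodedCommand " + _encode("Get-Process | Out-Null"),
    "powershell -enc " + _encode("Get-Date"),
    r"C:\Windows\System32\cmd.exe /c C:\Users\Public\kill.bat",
    "powershell.exe -e QUJD",  # decodes to 3 bytes, not valid UTF-16LE: flagged, undecodable
]
```

In practice the same functions can be fed the CommandLine field pulled from exported event logs, and the decoded text gives responders what to review instead of an opaque blob.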

Conclusion

Unfortunately, every organization — from nonprofits to healthcare providers, municipalities, and large corporations — can fall victim to LockerGoga and MegaCortex ransomware.

As the FBI makes clear, organizations must put strong defenses in place, remain vigilant against attack, and maintain a strong email security strategy.


About the author

Rick Kuwahara

Rick Kuwahara is COO and Chief Compliancy Officer for Paubox.
