Ransom.Megacortex

Ransom.Megacortex is Malwarebytes’ detection name for a small family of ransomware that is used in targeted attacks on enterprises.

Ransom.Megacortex is ransomware. Ransomware is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. Ransom.Megacortex is introduced on enterprise networks by use of stolen or leaked administrative credentials. There are also some reports of the threat actors using Trojan downloaders that are spread through instant messaging networks. These are spread and then used to download and install the ransomware.

Ransom.Megacortex tries to stop several processes that belong to security software.

Ransom.MegaCortex adds the extension .aes128ctr to the encrypted files.

When the encryption routine has completed it will show a ransom note which mentions a tsv file in the root directory and two email addresses.

Malwarebytes blocks Ransom.Megacortex

Malwarebytes can detect and remove Ransom.Megacortex on business machines without further user interaction. To remove Ransom.Megacortex using Malwarebytes business products, follow the instructions below.

Malwarebytes can detect and remove Ransom.Megacortex without further user interaction.

Take note, however, that removing this ransomware does not decrypt your files. You can only get your files back from backups you made before the infection happened.