Megac0rtx Ransomware

By CagedTech in Ransomware

The Megac0rtx Ransomware is a recently spotted data-locking Trojan. Once cybersecurity experts dissected it, it became evident that this is a variant of the similarly named ransomware threat the MegaCortex Ransomware.

Propagation Method

Most ransomware threats are usually spread via macro-laced attachments in mass spam email campaigns, fraudulent software updates, or unofficial corrupted copies of applications downloaded from shady websites. However, the common trait between all these methods is that it is done randomly with the idea of spreading it to as many unsuspecting users as possible. However, this is not the case with the Megac0rtx Ransomware. It appears that the authors of the Megac0rtx Ransomware have opted to propagate their creation manually because each victim would receive a unique email address where they are required to contact the attackers. This leads experts to believe that the creators of the Megac0rtx Ransomware may not be targeting regular users but large companies instead.

The Encryption

When the Megac0rtx Ransomware infiltrates the targeted host, it will scan it so it can detect the locations of the files, which will be marked for encryption. Ransomware threats tend to encrypt all sorts of file types, which would be found on most systems – audio files, images, videos, databases, documents, etc. A ‘.megac0rtx’ extension is added to the filename of each file that undergoes the encryption process of the Megac0rtx Ransomware. This means that if you had named a photo ‘fat-racoon.jpeg’ originally once the file gets locked its name will be altered to ‘fat-racoon.jpeg.megac0rtx’ and thus be rendered unusable.

A Ransom Fee from $20,600 to $6,200,000

Next, the Megac0rtx Ransomware drops its ransom note. The note is called ‘!!!_READ-ME_!!!.txt.’ Many ransomware creators use caps lock in combination with attention-grabbing symbols when naming their creations as this reduces the chance of the victim overlooking their message. The tone of the note is rather cocky and even somewhat demeaning to the victim as they claim that if the user thinks they can "pay $500" for a decryption key and be done with it, they are "50 million light-years away from reality :)." In fact, the attackers demand 2-3 BTC as a ransom fee (~$20,600 to $31,000 at the time of typing this article) to the mind-numbing 600 BTC (~$6,200,000). Here is an excerpt of the note:

’And please do not start your first letter to us with the words:
"It's a mistake !! Our company is just trimming and grooming little dogs. We don't have money at all."
"There is a big mistake on our site !
We are not leaders in our industry and all our competitors don't suck our huge **ck.
We're just ? small company, and we are dying because of hard competition."
"We are not the Super Mega International Corporation ltd., we are just a nursery etc."

We see it 5 times a day. This sh*t doesn't work at all !!!
Don't waste our and your time.

Remember ! We don't work for food.
You have to pay for decryption in Bitcoins (BTC).
If you think you pay $500 and you'll get the decryptor, you are 50 million light years away from reality 🙂
The ransom begins from 2-3 BTC up to 600 BTC.
If you don't have money don't even write to us.
We don't do charity !’

We would advise you to ignore the demands of cybercriminals like the ones responsible for the Megac0rtx Ransomware. Instead, you can wipe the Megac0rtx Ransomware of your system using a reputable an-virus application and then attempt to recover some of the files lost via third-party data recovery software.

1 Comment

I have an SSD-disk with encrypted files *.megac0rtx.
If I scan these files with SpyHunter5 they will not be identified as
encrypted files.
-> I suppose that SpyHunter5 should decode this megac0rtx
-> is this correct?

thanks for your feedback.
best regards. helmut


Most Viewed