Megac0rtx Ransomware

Megac0rtx Ransomware Description

The Megac0rtx Ransomware is a recently spotted data-locking Trojan. Once cybersecurity experts dissected it, it became evident that this is a variant of the similarly named ransomware threat the MegaCortex Ransomware.

Propagation Method

Most ransomware threats are usually spread via macro-laced attachments in mass spam email campaigns, fraudulent software updates, or unofficial corrupted copies of applications downloaded from shady websites. However, the common trait between all these methods is that it is done randomly with the idea of spreading it to as many unsuspecting users as possible. However, this is not the case with the Megac0rtx Ransomware. It appears that the authors of the Megac0rtx Ransomware have opted to propagate their creation manually because each victim would receive a unique email address where they are required to contact the attackers. This leads experts to believe that the creators of the Megac0rtx Ransomware may not be targeting regular users but large companies instead.

The Encryption

When the Megac0rtx Ransomware infiltrates the targeted host, it will scan it so it can detect the locations of the files, which will be marked for encryption. Ransomware threats tend to encrypt all sorts of file types, which would be found on most systems – audio files, images, videos, databases, documents, etc. A ‘.megac0rtx’ extension is added to the filename of each file that undergoes the encryption process of the Megac0rtx Ransomware. This means that if you had named a photo ‘fat-racoon.jpeg’ originally once the file gets locked its name will be altered to ‘fat-racoon.jpeg.megac0rtx’ and thus be rendered unusable.

A Ransom Fee from $20,600 to $6,200,000

Next, the Megac0rtx Ransomware drops its ransom note. The note is called ‘!!!_READ-ME_!!!.txt.’ Many ransomware creators use caps lock in combination with attention-grabbing symbols when naming their creations as this reduces the chance of the victim overlooking their message. The tone of the note is rather cocky and even somewhat demeaning to the victim as they claim that if the user thinks they can “pay $500” for a decryption key and be done with it, they are “50 million light-years away from reality :).” In fact, the attackers demand 2-3 BTC as a ransom fee (~$20,600 to $31,000 at the time of typing this article) to the mind-numbing 600 BTC (~$6,200,000). Here is an excerpt of the note:

’And please do not start your first letter to us with the words:
"It's a mistake !! Our company is just trimming and grooming little dogs. We don't have money at all."
"There is a big mistake on our site !
We are not leaders in our industry and all our competitors don't suck our huge **ck.
We're just ? small company, and we are dying because of hard competition."
"We are not the Super Mega International Corporation ltd., we are just a nursery etc."

We see it 5 times a day. This sh*t doesn't work at all !!!
Don't waste our and your time.

Remember ! We don't work for food.
You have to pay for decryption in Bitcoins (BTC).
If you think you pay $500 and you'll get the decryptor, you are 50 million light years away from reality 🙂
The ransom begins from 2-3 BTC up to 600 BTC.
If you don't have money don't even write to us.
We don't do charity !’

We would advise you to ignore the demands of cybercriminals like the ones responsible for the Megac0rtx Ransomware. Instead, you can wipe the Megac0rtx Ransomware of your system using a reputable an-virus application and then attempt to recover some of the files lost via third-party data recovery software.

Do You Suspect Your PC May Be Infected with Megac0rtx Ransomware & Other Threats? Scan Your PC with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Megac0rtx Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Note: SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. Free Remover allows you to run a one-off scan and receive, subject to a 48-hour waiting period, one remediation and removal. Free Remover subject to promotional details and Special Promotion Terms. To understand our policies, please also review our EULA, Privacy Policy and Threat Assessment Criteria. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?

Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.

One Comment

  • helmut:

    I have an SSD-disk with encrypted files *.megac0rtx.
    If I scan these files with SpyHunter5 they will not be identified as
    encrypted files.
    -> I suppose that SpyHunter5 should decode this megac0rtx
    -> is this correct?

    thanks for your feedback.
    best regards. helmut

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.