The FBI has issued an alert to large corporations operating in regions such as the United Kingdom, United States, Norway, France, and the Netherlands. The US law enforcement agency warns that private and public entities in those regions are vulnerable to LockerGoga and MegaCortex ransomware attacks.
Both file-encrypting malware families first compromise their targets, then lie dormant on the network for months before they start encrypting files on the devices.
The Federal Bureau of Investigation is therefore urging private entities to come forward and help devise a plan of information sharing and guidance to curb such attacks.
According to the alert, now available to the media, the operators behind LockerGoga and MegaCortex first infiltrate a corporate network via exploits, phishing attacks, SQL injection, and stolen login credentials, and then deploy penetration-testing tools such as Cobalt Strike.
After the threat actors gain access to a network, they install software that lets them open shells on the infected devices and execute PowerShell scripts and similar commands.
What is notable in this attack saga is that after gaining access the attackers hibernate on the network for months, probably stealing and transmitting data to remote servers, compromising further workstations and servers, and installing spying tools that are hard to identify and erase.
Once all the data is harvested, they encrypt the files on the network and start demanding a ransom from the victim.
As LockerGoga and MegaCortex use strong encryption algorithms, it is tough to decrypt the files for free.
The FBI is urging large companies to keep working backups on standby and to keep the security software on their networks up to date. Using threat monitoring and detection solutions also makes complete sense in such situations, says the American law enforcement agency.
The FBI also recommends using updated versions of PowerShell and uninstalling older versions, scanning for open ports and closing them, and monitoring changes in Active Directory and administrator groups for unauthorized entries.
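As an added illustration of the last two recommendations (not part of the FBI alert or this article), the following Python detector flags additions to privileged Active Directory groups made by accounts outside an approved change-control set, and starts of the legacy PowerShell 2.0 engine, over constructed sample log records; the record field names are an assumption about logs that have already been parsed into dictionaries.

```python
# Event IDs: 4728/4732/4756 = member added to a security-enabled global/local/
# universal group (Windows Security log); 400 = PowerShell engine started
# (Windows PowerShell log, carries EngineVersion). Field names are assumed.
GROUP_ADD_EVENTS = {4728, 4732, 4756}
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "Enterprise Admins"}

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"id": 4728, "actor": "CORP\\it-admin", "member": "CORP\\jsmith",
     "group": "Domain Admins", "host": "DC01"},
    {"id": 4732, "actor": "CORP\\svc-backup", "member": "CORP\\tmp-user",
     "group": "Administrators", "host": "FILESRV02"},
    {"id": 4728, "actor": "CORP\\it-admin", "member": "CORP\\alice",
     "group": "Marketing", "host": "DC01"},
    {"id": 400, "actor": "CORP\\tmp-user", "engine_version": "2.0",
     "host": "FILESRV02"},
    {"id": 400, "actor": "CORP\\it-admin", "engine_version": "5.1.19041.1",
     "host": "WS17"},
]


def find_privileged_group_changes(events, approved_actors):
    """Return (host, actor, member, group) for each addition to a privileged
    group performed by an account that is not in approved_actors."""
    return [
        (e["host"], e["actor"], e["member"], e["group"])
        for e in events
        if e["id"] in GROUP_ADD_EVENTS
        and e["group"] in PRIVILEGED_GROUPS
        and e["actor"] not in approved_actors
    ]


def find_legacy_powershell(events):
    """Return (host, actor) for each PowerShell engine start on a 2.x engine,
    which predates the script block logging available in 5.x and later."""
    return [
        (e["host"], e["actor"])
        for e in events
        if e["id"] == 400 and e.get("engine_version", "").startswith("2.")
    ]


if __name__ == "__main__":
    for alert in find_privileged_group_changes(SAMPLE_EVENTS, {"CORP\\it-admin"}):
        print("ALERT privileged group change:", alert)
    for alert in find_legacy_powershell(SAMPLE_EVENTS):
        print("ALERT legacy PowerShell engine:", alert)
```

Feeding these functions from a SIEM export gives a daily check for the two changes the alert singles out; a service account adding itself to Administrators on a file server, as in the sample, is exactly the kind of entry that warrants a ticket.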