The FBI recently warned U.S. organizations about LockerGaga and MegaCortex ransomware attacks, according to BleepingComputer. It also provided tips to help organizations guard against LockerGaga and MegaCortex.
LockerGaga and MegaCortex control an organization's network via exploits, phishing attacks, SQL injections and stolen login credentials, FBI noted. They then attempt to encrypt all network devices.
In addition, LockerGaga and MegaCortex use the Cobalt Strike penetration testing tool to deploy "beacons" on a compromised device, FBI stated. This allows the ransomware to perform various activities on a victim's device.
Cybercriminals typically infect a victim's device with LockerGaga or MegaCortex but wait several months before they deploy the ransomware, FBI indicated. Once cybercriminals execute a LockerGaga or MegaCortex cyberattack, they stop an infected device's security program processes and services and disable Windows Defender scanning features and any security-related services.
How to Combat LockerGaga and MegaCortex Ransomware Attacks
FBI offered a variety of tips to help organizations mitigate LockerGaga and MegaCortex ransomware attacks, including:
- Perform regular backups and work with verified backups.
- Ensure all installed software and operating systems are kept up to date.
- Activate two-factor authentication and strong passwords to limit the risk of phishing attacks, stolen credentials or other login compromises.
- Scan for open or listening network ports and block them.
- Monitor Active Directory and administrator group changes for unauthorized users.
Furthermore, organizations must "remain vigilant" to keep pace with LockerGaga and MegaCortex, Andrew Brandt, Principal Researcher at British cybersecurity company Sophos, told MSSP Alert. Organizations also can perform regular software patching, network assessments and other security measures to protect against LockerGaga and MegaCortex.
