FBI issues guidance on the LockerGoga and MegaCortex ransomware

• The ransomware target enterprises by compromising the network and then attempting to encrypt all its devices.
• The threat actors gain a foothold on a corporate network using exploits, phishing attacks, SQL injections, and stolen login credentials.

The Federal Bureau of Investigation (FBI) has issued an alert to warn private industries about LockerGoga and MegaCortex ransomware infection. The ransomware target enterprises by compromising networks and then attempting to encrypt all its devices.

What does the alert say?

As reported by Bleeping Computer, an FBI Flash Alert has warned private industries regarding the two ransomware infections and how they attack a network.

"Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga,” the FBI alert notes.

The actors behind LockerGoga and MegaCortex gain foothold on a corporate network using exploits, phishing attacks, SQL injections, and stolen login credentials.

Upon compromising a network, the threat actors install the penetration testing tool called Cobalt Strike. This tool allows the attackers to deploy beacons on a compromised device to create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system.

The threat actors gain persistence on the network for months before they deploy ransomware. During the ransomware deployment, the actors first check for processes and services related to security programs. If found any, the program is disabled before proceeding with the infection process.

Since both of these ransomware infections use a secure encryption algorithm, it is nearly impossible to decrypt them for free.

What the FBI recommends?

Below are the guidance and mitigation processes recommended by the FBI to minimize the risk to the LockerGoga and MegaCortex ransomware.

• Make sure all installed software and operating systems are kept updated.
• Enable two-factor authentication and strong password to block phishing attacks, stolen credentials or other login compromises.
• Monitor all publicly exposed remote desktop servers to prevent attackers from gaining access to networks and systems.
• Scan for open ports on the network and block them from being accessible.
• Disable SMBv1 as numerous vulnerabilities and weaknesses exist in the protocol.