MegaCortex Ransomware target the corporate sector and are trying to gain access to the organizationâ€™s domain controller in order to deliver the ransomware to the maximum number of workstations. Once on the target device, the malware launches a PowerShell script that deploys the multi-functional Meterpreter on the victimâ€™s network. Using this tool, attackers gain access to the company's domain controller and deliver the payload to the machines connected to it. An executable file and a batch script, responsible for unloading hundreds of processes from memory, are embedded in computers. Attackers disable security systems, virus scanners and other services that may interfere with data encryption.
Finally, the winnit.exe file is delivered to the device, which is responsible for loading the DLL library with a random name of eight characters. It encrypts user information and places a note in the root directory requesting a ransom. The message is stylized under the appeal of Morpheus - one of the heroes of the film "The Matrix". The film also refers to the name of the malware: the main character of the trilogy worked in a corporation with a similar name - MetaCortex. In the message, criminals propose to contact them for advice on protecting the corporate network in order to protect the company from future attacks.