MalwareHunterTeam has detected a new sample of MegaCortex, a ransomware strain that is typically distributed via Trojans like Emotet in targeted campaigns. In addition to encrypting files on infected machines, the new version of the malware changes the active user's password and warns the victim that their personal files will be published online unless they pay the ransom.
While the researchers initially dismissed the claim that the ransomware changes the user’s login credentials as an idle threat, they discovered that the malware actually does this. The researchers were not able to verify whether MegaCortex really uploads user files to the threat actors before starting the encryption process, but victims are advised not to dismiss the possibility that the attackers can make their data public.
Read more: New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data