Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Nov 2019

How to remove MegaCortex ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Jake Doevan · Computer technology expert

MegaCortex is a sophisticated crypto-locking malware that employs both automated and manual components for its infection

MegaCortex ransomware

MegaCortex is a ransomware-type virus that targets corporations for money extortion purposes and is another example of large scale attacks that incorporate the “big game hunting”[1] technique, which is only used in targeted attacks. The threat is not new, and has been infecting organizations since January 2019, but become especially active at the start of May of the same year, infecting corporations around the world. Recently, malware reappeared with .m3g4c0rtx extension.

Initially, Sophos researchers claimed[2] that MegaCortex ransomware operates together with Emotet and Qakbot viruses, as these threats were also present during the first samples that experts examined. Nevertheless, further research that was published a week later[3] uncovered that this strain also uses the same Common Name (CN) on the digital certificate as Rietspoof malware, although no other connections to the latter were found.

Once the main executable rstwg.exe, winnit.exe, or other is launched, MegaCortex ransomware performs file encryption with the help of encryption algorithm[4] and then appends .aes128ctr file extension, although different types of appendixes were noticed in the wild.

Soon after that, the malware drops !!! _ READ_ME _ !!!.txt ransom note, in which hackers offer a decryption tool for a price, as well as the alleged tips on how to improve the company's security levels and a guarantee that it will remain safe from further MegaCortex virus attacks.

Name MegaCortex
Type Ransomware/ crypto virus
Malware executable rstwg.exe, winnit.exe, or other
File marker .aes128ctr, .m3g4c0rtx
Contact emails shawhart1542925@mail.com, anderssperry6654818@mail.com
main target Businesses, worldwide companies, home users
Already affected

 76 confirmed attacks from these countries:

  • Italy
  • USA
  • Canada
  • Netherlands
  • France
  • Ireland
  • Czech Republic
Ransom note !!! _ READ_ME _ !!!.txt
Distribution Infected documents, PSExec utility
Main damage Locks data, leads to money loss or damaged data, can also install a password-stealing virus
Elimination Use SpyHunterCombo Cleaner for MegaCortex removal. Get FortectIntego to repair virus damage

MegaCortex malware gets delivered using Windows domain controllers. According to recent reports, attackers gain remote access to the chosen network and configure the domain controller to distribute a copy of PsExec – the service running executable of the malware.[2] 

Additionally, MegaCortex ransomware gets on the system and disables security services or programs to keep on running without interruption. Encryption starts and quickly ends with files marked with .aes128ctr extension. This marker may change from sample to sample. As Sophos has reported, the virus has infected its clients from the United States, Canada, Australia, Hong Kong, Indonesia, the Netherlands, France, Ireland, Argentina, and Italy. Beware that home users may also be infected in the future!

MegaCortex

MegaCortex samples were discovered on May 1, 2019. It is known that the virus compromises the domain controller and when the Cobolt Strike is dropped and launched, it launches the main executable designed to start the main process of the cryptovirus. Additionally to these processes, the specific batch of files get executed to disable 44 particular processes and more than 200 Windows services.

Changes initiated by MegaCortex ransomware can also include:

  • changed startup preferences;
  • added or altered registry entries;
  • installed or disabled programs;
  • added files and malware.

When MegaCortex ransomware ends the encryption process, encoded files get marked with either .aes128ctr or the recent .m3g4c0rtx extension. Also, the virus creates other data on the affected system, like DLL with the list of encrypted file names and drops the ransom note on the desktop and in various folders on the computer.

The MegaCortex ransomware ransom note !!! _ READ_ME _ !!!.txt reads the following:

Your companies cyber defense systems have been measured, measured and have been found wanting. 
The breach is a result of the security protocols. 
All of your computers have been corrupted with MegaCortex malware that has encrypted your files. 
We must ensure that your data is swiftly and securely. 
Restoration of your data requires a private key. 
They are useless. 
It is critical that you restart or shutdown your computer. 
It can lead to irreversible damage to your computer back.
To confirm that our software works email to us 2 from random computers files is and the C: \ fracxidg.tsvfile ( 's) 
and you will of the get Them decrypted. 
C: \ fracxidg.tsv 
It will never be inconvenienced by us. 
Cyber ​​security. 
If you want to contact us at 
shawhart1542925@mail.com 
anderssperry6654818@mail.com 
We can only show you the door. Through one. 

The developers of MegaCortex seem to be struggling to look more credible, so they offer to test their decryption service (two files precisely) for free. Even if they recover those files without any pay, you shouldn't trust them and provide the demanded ransom. Get the professional anti-malware tools and get rid of the virus instead.

For the best MegaCortex ransomware removal results, you should rely on a reliable tool designed to fight malware. You can base your choosing on malware detection rate.[5] Make sure to avoid any unsafe installations and get the tool from reputable sources.

MegaCortex file locking malware

Various specialists from the cybersecurity field[6] have been offering using FortectIntego or SpyHunterCombo Cleaner for the proper job. Remove MegaCortex ransomware completely and make sure to clean the system from other possible programs or virus damage. Perform a full scan on the infected PC and follow with suggested steps.

The same solution is offered for companies since ransomware has mostly been targeting networks of corporations. The professional IT specialist should employ an antivirus tool to clean the entire network and then use backups to recover files encrypted by MegaCortex ransomware.

An operating system doesn't require permission when ransomware gets installed in the background

Emails often get ignored and this way cyber infections happen on the machine because file attachments or hyperlinks included, spreads malicious scripts. When the payload is dropped on the system, various malware can be launched and automatically installed.

Once this is done, trojans, malware or even ransomware itself starts running needed processes immediately. Since this particular virus gets delivered with the help of trojans and malware, it is not easy to spot cyber infections because the virus runs in the background. However, the appearance of rstwg.exe in your Task Manager should make you worried.

However, you can avoid such processes by paying more attention to the emails you receive in your email box. When any suspicious or questionable email appears in the box to make sure to delete it and exit the notification if any files get attached to that. One click on the included hyperlink or accidental installation of a document can lead to automatic ransomware infiltration, and then you risk getting your files damaged. 

Terminate MegaCortex ransomware and make sure to clean the machine fully

To remove MegaCortex ransomware from the affected computer or even the network, you need to disconnect your PCs from the Internet and run a full system scan with a professional anti-virus. If you go for a free tool, you risk getting PUPs or more dangerous cyber threats.

Make sure to learn about MegaCortex virus features and potential risks before attempting any processes. Also, rely on file backups and data recovery software when trying to restore encrypted files. This can only be achieved after profer system cleaning.

Automatic MegaCortex removal using anti-malware tools like FortectIntego, SpyHunterCombo Cleaner, or MalwarebytesMalwarebytes can give the advantage of detecting other malware besides the cryptovirus and eliminating corrupted files, PUPs from the machine.

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.