
CB Defense: Will the sensor block MegaCortex attacks?

Environment

  • CB Defense Sensor: 3.0.1.1 and Higher
  • Microsoft Windows: All Supported Versions

Question

Will the sensor prevent attacks from the MegaCortex Ransomware?

Answer

Based on static analysis of MegaCortex binaries, the TTPs used will be blocked if proper policy settings are in place.


Additional Notes

  • Policies must have settings to block ransomware-like behavior in order to prevent ransomware attacks
    • When a not listed application performs ransomware-like behavior, terminate process.
    • When an unknown application or process performs ransomware-like behavior, terminate process.
  • Consider adding policy settings to block any known malware, suspect malware, adware, or PUP processes
  • Carbon Black has performed static analysis of the binaries to determine MegaCortex's TTPs. Due to many anti-analysis functions within the malware and its extremely small set of victims, only those with direct, hands-on access (incident response teams) can fully analyze the malware in its natural state. Carbon Black will monitor for variants of MegaCortex that may appear to suggest an outbreak and perform another analysis then.

Article Information
Creation Date: 06-11-2019