Environment
- CB Defense Sensor: 3.0.1.1 and Higher
- Microsoft Windows: All Supported Versions
Question
Will the sensor prevent attacks from the MegaCortex Ransomware?
Answer
Based on static analysis of MegaCortex binaries, the TTPs used will be blocked if proper policy settings are in place.
Additional Notes
- Policies must have settings to block ransomware-like behavior in order to prevent ransomware attacks
- Consider adding policy settings to block any known malware, suspect malware, adware, or PUP processes
- Carbon Black has performed static analysis of the binaries to determine MegaCortex's TTPs. Due to the many anti-analysis functions within the malware and its extremely small set of victims, only those with direct, hands-on access (incident response teams) can fully analyze the malware in its natural state. Carbon Black will monitor for variants of MegaCortex that may appear to suggest an outbreak and perform another analysis then.