IoC (TT Malware Log)

Malware IoC (Indicator) information

◆Caution◆ Site for malware analysis specialists

     FQDNs, URLs, IP addresses, etc. are posted as they are

MegaCortex

【Indicator information】

■Hash information (SHA-256)

ca0d1e770ca8b36f6945a707be7ff1588c3df2fd47031aa471792a1480b8dd53
5ff14746232a1d17e44c7d095e2ec15ede4bd01f35ae72cc36c2596274327af9
e362d6217aff55572dc79158fae0ac729f52c1fc5356af4612890b9bd84fbcde


■File

!-!_README_!-!.rtf


■Ransom note

Your company's network has been breached and infected with MegaCortex Malware.

All of your user credentials have been changed and your files have been encrypted.
We ensure that the only way to retrieve your data swiftly and securely is with our software.
Restoration of your data requires a private key which only we possess.

To confirm that our decryption software works email to us 2 files from random computers.
You will receive further instructions after you send us the test files.

After receiving payment we will provide you with the decryptor including its full source code and credentials to your computers.
We have also downloaded your data to a secure location. In the unfortunate event of us not coming to an agreement we will have no choice but to make this data public.
Once the transaction is finalized all of copies of data we have downloaded will be erased.
We will provide any assistance if needed.


Contact emails:
redacted@redacted.com
or
redacted@redacted.com


【Search】

google: ca0d1e770ca8b36f6945a707be7ff1588c3df2fd47031aa471792a1480b8dd53
google: 5ff14746232a1d17e44c7d095e2ec15ede4bd01f35ae72cc36c2596274327af9
google: e362d6217aff55572dc79158fae0ac729f52c1fc5356af4612890b9bd84fbcde


【VT search】

https://www.virustotal.com/gui/file/ca0d1e770ca8b36f6945a707be7ff1588c3df2fd47031aa471792a1480b8dd53
https://www.virustotal.com/gui/file/5ff14746232a1d17e44c7d095e2ec15ede4bd01f35ae72cc36c2596274327af9
https://www.virustotal.com/gui/file/e362d6217aff55572dc79158fae0ac729f52c1fc5356af4612890b9bd84fbcde


【News】

◆New Megacortex Ransomware Changes Windows Passwords, Threatens to Publish Data (Bleeping Computer, 2019/11/05)
https://www.bleepingcomputer.com/news/security/new-megacortex-ransomware-changes-windows-passwords-threatens-to-publish-data/