Infected with MegaCortex Ransomware? Need to decrypt your files?
What is MegaCortex Ransomware
Today’s article is devoted to the threat related to the number of crypto viruses. MegaCortex there is a cryptovirus that has spread to almost the whole world by the beginning of May this year, despite the fact that initially it is aimed at English-speaking users. More specifically, the first traces of this cryptographer were found at the end of 2018. Like similar threats, MegaCortex encrypts user data in various formats, such as office documents, video and photos, archives, and more. After encryption, it appends the .aes128ctr extension to the attacked files. Of course, files become unsuitable for further use. Also, the executable file creates a file note !!!_READ_ME_!!!.txt with information about encryption. Here is an image of this note and its contents:
Your companies cyber defense systems have been weighed, measured and have been found wanting.
The breach is a result of grave neglect of security protocols.
All of your computers have been corrupted with MegaCortex malware that has encrypted your files.
We ensure that the only way to retrieve your data swiftly and securely is with our software.
Restoration of your data requires a private key which only we possess.
Don't waste your time and money purchasing third party software, without the private key they are useless.
It is critical that you don't restart or shutdown your computer.
This may lead to irreversible damage to your data and you may not be able to turn your computer back on.
To confirm that our software works email to us 2 files from random computers and C:\fracxidg.tsv file('s)
and you will get them decrypted.
C:\fracxidg.tsv contain encrypted session keys we need in order to be able to decrypt your files.
The softwares price will include a guarantee that your company will never be inconvenienced by us.
You will also receive a consultation on how to improve your companies cyber security .
If you want to purchase our software to restore your data contact us at:
shawhart1542925@mail.com
anderssperry6654818@mail.com
We can only show you the door. You're the one who has to walk through it.
The note does not contain information about the amount of the ransom, besides, there is no guarantee that the attackers will really return your files to you in their original form. Scammers point out that the user has a very limited amount of time to pay for the ransom. Also, fraudsters arrogantly offer their services to companies to preserve their data. It looks doubtful, considering that it was they who encrypted your data. Anyway, we strongly recommend that you use our recommendations to try to delete MegaCortex and decrypt your files.
Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: submit@securitystronghold.com. We really can help to decrypt your files.
How MegaCortex infected your PC
Threats and viruses of this type come to the computer through the gaps and vulnerabilities of network settings. As a rule, this happens due to the absence of normal anti-virus protection and the absence of any programs and utilities that can prevent the penetration of MegaCortex and other crypto viruses. It is much better to prevent file encryption than to deal with the consequences. We recommend that you use the paid version of antivirus software. Below you will find recommendations and instructions to remove MegaCortex and decrypt your files.
First of all, don’t panic. Follow these easy steps below.
1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the MegaCortex virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.
Recommended Solution:
SpyHunter 4 – fully removes all instances of MegaCortex – files, folders, registry keys.
You may find more detailed information about antivirus products in our article – Top 5 Antivirus Software for Windows
Restore your files using shadow copies
- Download and run Stellar Data Recovery.
- Select type of files you want to restore and click Next.
- Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
- Once the scanning process is done, click Recover to restore your files.
Step 2: Remove following files and folders of MegaCortex:
Related connections or other entries:
No information
Related files:
No information
How to decrypt files infected by MegaCortex?
You can try to use manual methods to restore and decrypt your files.
Decrypt files manually
Restore the system using System Restore
Although latest versions of MegaCortex remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.
- Initiate the search for ‘system restore‘
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
Written by Rami Duafi