CB Defense: Will the sensor block MegaCortex attacks?
Article ID: 290059

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Will the sensor prevent attacks from the MegaCortex Ransomware?

Environment

  • CB Defense Sensor: 3.0.1.1 and Higher
  • Microsoft Windows: All Supported Versions

Resolution

Based on static analysis of MegaCortex binaries, the TTPs it uses will be blocked by the sensor, provided the policy settings described below are in place.

Additional Information

  • Policies must have settings to block ransomware-like behavior in order to prevent ransomware attacks. The rule appears under either of the following names:
    • When a not listed application performs ransomware-like behavior, terminate process.
    • When an unknown application or process performs ransomware-like behavior, terminate process.
  • Consider adding policy settings to block any known malware, suspect malware, adware, or PUP processes.
  • Carbon Black has performed static analysis of the binaries to determine MegaCortex's TTPs. Due to the many anti-analysis functions within the malware and its extremely small set of victims, only those with direct, hands-on access (incident response teams) can fully analyze the malware in its natural state. Carbon Black will monitor for variants of MegaCortex that may suggest an outbreak and perform another analysis at that time.
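The following script audits an exported policy for the settings listed above, flagging a weak policy (ransomware rule set to deny instead of terminate, no suspect-malware/adware/PUP rules) beside a hardened one. It is an added example and not part of this article or of Carbon Black's tooling. It assumes the rule layout of a Carbon Black Cloud policy export, where each rule carries an "action" (such as "TERMINATE" or "DENY"), an "application" of type "REPUTATION" with a reputation value (for example "NOT_LISTED", "KNOWN_MALWARE", "PUP") and an "operation" (such as "RANSOM" or "RUN"); those field names and values are assumptions and should be checked against your own console's export. The two sample policies are constructed for the example.

```python
import json

# Rules the article requires to block the MegaCortex TTPs. Each entry gives the
# reputation the rule applies to, the operation it guards, the action(s) that
# satisfy it, and the console wording. "NOT_LISTED" is assumed to be the value
# behind the console's "unknown application or process" wording.
REQUIRED_RULES = [
    ("NOT_LISTED", "RANSOM", {"TERMINATE"},
     "When an unknown application or process performs ransomware-like behavior, terminate process"),
]

# Rules the article recommends in addition (block malware/adware/PUP on run).
RECOMMENDED_RULES = [
    ("KNOWN_MALWARE", "RUN", {"DENY", "TERMINATE"}, "Known malware: deny/terminate on run"),
    ("SUSPECT_MALWARE", "RUN", {"DENY", "TERMINATE"}, "Suspect malware: deny/terminate on run"),
    ("ADWARE", "RUN", {"DENY", "TERMINATE"}, "Adware: deny/terminate on run"),
    ("PUP", "RUN", {"DENY", "TERMINATE"}, "PUP: deny/terminate on run"),
]


def index_rules(policy):
    """Map (reputation, operation) -> action for every reputation-based rule."""
    actions = {}
    for rule in policy.get("rules", []):
        app = rule.get("application", {})
        if app.get("type") != "REPUTATION":
            continue  # path/signature based rules are not what the article asks for
        actions[(app.get("value"), rule.get("operation"))] = rule.get("action")
    return actions


def audit_policy(policy):
    """Return (required_gaps, recommended_gaps): human-readable findings, empty if compliant."""
    actions = index_rules(policy)

    def gaps(spec):
        found = []
        for reputation, operation, ok_actions, label in spec:
            action = actions.get((reputation, operation))
            if action not in ok_actions:
                found.append(f"{label} (current action: {action or 'no rule'})")
        return found

    return gaps(REQUIRED_RULES), gaps(RECOMMENDED_RULES)


# Constructed sample: the ransomware rule only denies the operation, so the process
# keeps running, and only known malware is blocked on run.
WEAK_POLICY = json.loads("""
{"name": "weak-example", "rules": [
  {"id": 1, "action": "DENY", "operation": "RANSOM",
   "application": {"type": "REPUTATION", "value": "NOT_LISTED"}},
  {"id": 2, "action": "DENY", "operation": "RUN",
   "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}}
]}
""")

# Constructed sample: the corrected policy with the article's required and recommended rules.
HARDENED_POLICY = json.loads("""
{"name": "hardened-example", "rules": [
  {"id": 1, "action": "TERMINATE", "operation": "RANSOM",
   "application": {"type": "REPUTATION", "value": "NOT_LISTED"}},
  {"id": 2, "action": "DENY", "operation": "RUN",
   "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}},
  {"id": 3, "action": "DENY", "operation": "RUN",
   "application": {"type": "REPUTATION", "value": "SUSPECT_MALWARE"}},
  {"id": 4, "action": "DENY", "operation": "RUN",
   "application": {"type": "REPUTATION", "value": "ADWARE"}},
  {"id": 5, "action": "DENY", "operation": "RUN",
   "application": {"type": "REPUTATION", "value": "PUP"}}
]}
""")


if __name__ == "__main__":
    for policy in (WEAK_POLICY, HARDENED_POLICY):
        required, recommended = audit_policy(policy)
        print(f"policy {policy['name']}: {'OK' if not required else 'NOT PROTECTED'}")
        for line in required:
            print("  REQUIRED:", line)
        for line in recommended:
            print("  recommended:", line)
```

To audit a real policy, replace the constructed dicts with the JSON returned by the console's policy export and confirm the field names match before trusting the result; a rule that only denies the ransomware-like operation is flagged because the article calls for terminating the process, not merely blocking one file operation.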