Cyber security researchers at Sophos have reported a spike in a new ransomware named MegaCortex. The infection targets corporate networks and has reportedly affected customers worldwide, with victims in Italy, the United States, Canada, the Netherlands, Ireland, and France.
Sophos said the ransomware appears to have been designed to target large enterprise networks as part of carefully planned targeted intrusions. Researchers note how MegaCortex “leverages both automated and manual components, and appears to involve a high amount of automation to infect a greater number of victims”.
The researchers have also suggested that there a correlation between the MegaCortex attacks and a pre-existing, ongoing infection on the victims’ networks with both Emotet and Qbot.
The malware’s name is a reference to the corporation where the character Neo worked in the first Matrix movie. The ransom note has also been said to have been written in the voice of the film’s character, Morpheus. It reads: “Your companies (sic) cyber defence systems have been weighed, measured and have been found wanting. The breach is the result of grave neglect of security protocols.”
The most important thing an organisation can do is regularly create a backup copy of important files. This reduces the leverage of the attacker. The NCSC has published guidance on how to prevent a ransomware incident, and what to do if your organisation is infected. The NCSC has also launched a free tool, Exercise in a Box, to help SMEs test and practise their response to a cyber attack.
Concern around computer skills decline in schools
A decline in students under the age 16 obtaining computing qualifications has caused concerns, according to a new report from the University of Roehampton.
The report highlighted a drop from 140,000 students achieving a GCSE in computer science or information technology to 130,000 in 2018. It also noted that schools had cut back hours spent teaching the subject to students.
The ICT qualification has been phased out and replaced by computer science, but there are concerns that the slow progress of the subject may mean that students leave school with no computer qualification at all. The report states that the number of hours teaching computing has dropped 31% between 2012 and 2017.
The Department for Education has underlined the government’s belief in the importance of computing by making it compulsory in the national curriculum. They also stated, “We are investing £84m over the next four years to up-skill up to 8,000 computer science teachers and drive up participation in computer science.“ You can learn more about the government’s approach on the Department for Education’s website.