According to recent news, a new ransomware family was discovered last month, in August, and this week it surfaced in a massive email spam campaign. The group behind it has been targeting educational institutions with this new ransomware family, referred to as MarsJoke.
The group sends emails under a stolen identity, disguised as air travel notifications. The worst part is that each email contains a link to a downloadable EXE file. When this file is executed, it automatically installs the MarsJoke ransomware, which locks the data on the user's computer using the AES-256 encryption algorithm.
Once installed, the ransomware locks all the files so that the user cannot access anything, and the group demands a payment of 0.7 Bitcoin through the EXE file. To regain access to the files, the user has to pay 0.7 Bitcoin; otherwise there is no other way to access them.
Darien Huss, a Proofpoint researcher, discovered this ransomware, which replaces the desktop wallpaper and presents ransom notes in HTML and TXT format. To get the user's attention, these HTML and TXT notes are also placed in every folder.
The visual style is said to be copied from CTB-Locker, a more successful ransomware, but MarsJoke does not present itself that way and does not claim to be CTB-Locker.
MarsJoke was distributed via the Kelihos botnet. To decrypt the files, the victim has to install the Tor Browser and access a website hosted on the Tor network. The ransomware's name comes from a string found in its source code: “HelloWorldItsJokeFromMars”.