MarsJoke ransomware: Old tricks and new threats

by Derek Kortepeter
Sept. 1, 2017, TechGenix

Researchers at Proofpoint have been extremely vigilant in uncovering new strains of malware lately. The most recent example is a new ransomware strain that targets government and education. Called MarsJoke because of a code string in the malware that reads “HelloWorldItsJokeFromMars,” the ransomware first appeared in August and exhibits similarities to CryptFile2, according to a Proofpoint blog post. The MarsJoke and CryptFile2 ransomware campaigns both attacked government agencies via email campaigns. The email is distributed through a botnet identified by researcher Gary Warner as Kelihos. MarsJoke’s email looks very convincing to the layman, and a target who takes the bait clicks a URL that opens a file called “file_6.exe.” Upon execution, file_6.exe unleashes MarsJoke’s payload, which encrypts all files but does not change their extensions.
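Because the extensions stay the same, a check for renamed files will not notice the damage, so triage has to look at file content instead. The Python sketch below is an added example, not code from Proofpoint or from the article. It assumes an encrypted file no longer begins with its format's header bytes and has near-random byte entropy; the threshold, the extension list and all function names are illustrative assumptions.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

# Expected leading bytes for a few common extensions (illustrative subset).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}
TEXT_EXTS = {".txt", ".csv", ".log"}
HIGH_ENTROPY = 7.2  # assumed threshold in bits per byte; tune per environment

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    """Judge a file from its name and its first few KiB."""
    ext = Path(name).suffix.lower()
    random_looking = shannon_entropy(head) >= HIGH_ENTROPY
    if ext in MAGIC:
        if head.startswith(MAGIC[ext]):
            return "ok"  # compressed formats are high-entropy but keep their header
        return "likely-encrypted" if random_looking else "header-mismatch"
    if ext in TEXT_EXTS:
        return "likely-encrypted" if random_looking else "ok"
    return "unknown-type"

def scan(root: str, sample: int = 4096) -> dict:
    """Map each file under root to a verdict, reading only `sample` bytes."""
    verdicts = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                verdicts[str(path.relative_to(root))] = classify(path.name, fh.read(sample))
    return verdicts

def fake_ciphertext(n: int) -> bytes:
    """Constructed sample: deterministic random-looking bytes standing in for ciphertext."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return out[:n]
```

A "header-mismatch" verdict with low entropy usually points to a mislabeled or truncated file rather than encryption, so only "likely-encrypted" results should feed an alert.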

negrii_irina88 7 months, 3 weeks ago

MarsJoke does not appear to be "just another ransomware"; it's very aggressive