MarsJoke Ransomware Targets US Government And Education Institutions

Ransomware targeting US government agencies and education institutions, has been discovered by cyber security researchers from Proofpoint.

Dubbed MarsJoke, the ransomware was uncovered in late August and found to be hiding behind email that convincingly resembled those from a major yet unnamed national US airline.

“This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware,” the researchers said.

“The messages in this campaign used a convincing email body and had a variety of Subject lines referencing a major national air carrier, adding an air of legitimacy to the lures with stolen branding.”

MarsJoke threat

The ransomware appears to have used Kelihos, a well-known botnet, for its distribution and spreads an email to its victims about a tracked parcel from the airline carrier prompting them to click on a link in the email to track the parcel.

Once the victims do this they are taken to a malicious URL which infects the victim’s computer with the MarsJoke ransomware. Once infected, files on the target machine get encrypted and files are created with names such as “ReadMeFilesDecrypt!!!.tx” as a means to alert victims that their machine has been infected.

The user’s desktop is also changed to display a message declaring the victim’s personal files are encrypted and they have 96 hours to submit a Bitcoin payment otherwise the filed will remain encrypted indefinitely.

Victims are also warned not to try and remove the ransomware otherwise the decryption key will be lost. As step-by-step guide is provided to instruct the victims on how to pay the cyber criminals.

Proofpoint’s researchers said MarsJoke is no ordinary ransomware and appears to be backed up by a capable cyber criminal operation.

It is worth noting however, the sample emails provided by Proofpoint were littered with errors that should server as a warning to victims that they may have not come from a legitimate source. Nevertheless, the ransomware appears to have the potential to wreak havoc on its victims, particularly when they are part of the public sector.

“Educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections,” Proofpoint said.

Ransomware in an increasing problem, with ever more sophisticated scams able to befuddle the less technical savvy targets. In the US, ransomware has forced hospitals to payout $100,000 to cyber criminals who appear to lack even a shred of common decency or conscience.

Quiz: What do you know about cybersecurity in 2016?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

View Comments

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago