Ransomware targeting US government agencies and education institutions, has been discovered by cyber security researchers from Proofpoint.
Dubbed MarsJoke, the ransomware was uncovered in late August and found to be hiding behind email that convincingly resembled those from a major yet unnamed national US airline.
“This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware,” the researchers said.
“The messages in this campaign used a convincing email body and had a variety of Subject lines referencing a major national air carrier, adding an air of legitimacy to the lures with stolen branding.”
Once the victims do this they are taken to a malicious URL which infects the victim’s computer with the MarsJoke ransomware. Once infected, files on the target machine get encrypted and files are created with names such as “ReadMeFilesDecrypt!!!.tx” as a means to alert victims that their machine has been infected.
The user’s desktop is also changed to display a message declaring the victim’s personal files are encrypted and they have 96 hours to submit a Bitcoin payment otherwise the filed will remain encrypted indefinitely.
Victims are also warned not to try and remove the ransomware otherwise the decryption key will be lost. As step-by-step guide is provided to instruct the victims on how to pay the cyber criminals.
Proofpoint’s researchers said MarsJoke is no ordinary ransomware and appears to be backed up by a capable cyber criminal operation.
It is worth noting however, the sample emails provided by Proofpoint were littered with errors that should server as a warning to victims that they may have not come from a legitimate source. Nevertheless, the ransomware appears to have the potential to wreak havoc on its victims, particularly when they are part of the public sector.
“Educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections,” Proofpoint said.
Ransomware in an increasing problem, with ever more sophisticated scams able to befuddle the less technical savvy targets. In the US, ransomware has forced hospitals to payout $100,000 to cyber criminals who appear to lack even a shred of common decency or conscience.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…
View Comments
I am pleased to read your blog post