MarsJoke Ransomware Targets US Government And Education Institutions

Ransomware targeting US government agencies and education institutions, has been discovered by cyber security researchers from Proofpoint.

Dubbed MarsJoke, the ransomware was uncovered in late August and found to be hiding behind email that convincingly resembled those from a major yet unnamed national US airline.

“This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware,” the researchers said.

“The messages in this campaign used a convincing email body and had a variety of Subject lines referencing a major national air carrier, adding an air of legitimacy to the lures with stolen branding.”

MarsJoke threat

The ransomware appears to have used Kelihos, a well-known botnet, for its distribution and spreads an email to its victims about a tracked parcel from the airline carrier prompting them to click on a link in the email to track the parcel.

Once the victims do this they are taken to a malicious URL which infects the victim’s computer with the MarsJoke ransomware. Once infected, files on the target machine get encrypted and files are created with names such as “ReadMeFilesDecrypt!!!.tx” as a means to alert victims that their machine has been infected.

The user’s desktop is also changed to display a message declaring the victim’s personal files are encrypted and they have 96 hours to submit a Bitcoin payment otherwise the filed will remain encrypted indefinitely.

Victims are also warned not to try and remove the ransomware otherwise the decryption key will be lost. As step-by-step guide is provided to instruct the victims on how to pay the cyber criminals.

Proofpoint’s researchers said MarsJoke is no ordinary ransomware and appears to be backed up by a capable cyber criminal operation.

It is worth noting however, the sample emails provided by Proofpoint were littered with errors that should server as a warning to victims that they may have not come from a legitimate source. Nevertheless, the ransomware appears to have the potential to wreak havoc on its victims, particularly when they are part of the public sector.

“Educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections,” Proofpoint said.

Ransomware in an increasing problem, with ever more sophisticated scams able to befuddle the less technical savvy targets. In the US, ransomware has forced hospitals to payout $100,000 to cyber criminals who appear to lack even a shred of common decency or conscience.

Quiz: What do you know about cybersecurity in 2016?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

View Comments

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

16 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

17 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

19 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

20 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

21 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

21 hours ago