MarsJoke Ransomware Targets US Government And Education Institutions

Ransomware targeting US government agencies and education institutions, has been discovered by cyber security researchers from Proofpoint.

Dubbed MarsJoke, the ransomware was uncovered in late August and found to be hiding behind email that convincingly resembled those from a major yet unnamed national US airline.

“This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware,” the researchers said.

“The messages in this campaign used a convincing email body and had a variety of Subject lines referencing a major national air carrier, adding an air of legitimacy to the lures with stolen branding.”

MarsJoke threat

The ransomware appears to have used Kelihos, a well-known botnet, for its distribution and spreads an email to its victims about a tracked parcel from the airline carrier prompting them to click on a link in the email to track the parcel.

Once the victims do this they are taken to a malicious URL which infects the victim’s computer with the MarsJoke ransomware. Once infected, files on the target machine get encrypted and files are created with names such as “ReadMeFilesDecrypt!!!.tx” as a means to alert victims that their machine has been infected.

The user’s desktop is also changed to display a message declaring the victim’s personal files are encrypted and they have 96 hours to submit a Bitcoin payment otherwise the filed will remain encrypted indefinitely.

Victims are also warned not to try and remove the ransomware otherwise the decryption key will be lost. As step-by-step guide is provided to instruct the victims on how to pay the cyber criminals.

Proofpoint’s researchers said MarsJoke is no ordinary ransomware and appears to be backed up by a capable cyber criminal operation.

It is worth noting however, the sample emails provided by Proofpoint were littered with errors that should server as a warning to victims that they may have not come from a legitimate source. Nevertheless, the ransomware appears to have the potential to wreak havoc on its victims, particularly when they are part of the public sector.

“Educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections,” Proofpoint said.

Ransomware in an increasing problem, with ever more sophisticated scams able to befuddle the less technical savvy targets. In the US, ransomware has forced hospitals to payout $100,000 to cyber criminals who appear to lack even a shred of common decency or conscience.

Quiz: What do you know about cybersecurity in 2016?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

View Comments

Recent Posts

Russia Accused Of Cyberattack On Germany’s Ruling Party, Defence Firms

German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…

2 days ago

Alphabet Axes Hundreds Of Staff From ‘Core’ Organisation

Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…

2 days ago

Apple Announces Record Share Buyback, Amid iPhone Sales Decline

Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…

2 days ago

Tesla Backs Away From Gigacasting Manufacturing – Report

Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant

3 days ago

US Urges No AI Control Of Nuclear Weapons

No skynet please. After the US, UK and France pledge human only control of nuclear…

3 days ago