Ransomware From Mars

MarsJoke is the latest ransomware on the malware scene. It gets its name from a phrase in the source code:“HelloWorldItsJokeFromMars.”

It is being distributed by a massive email campaign targeting state and local government agencies and educational institutions in the United States. Once infected, it asks for a ransom of 0.7 BTC or about $320 and gives the victim 96 hours to come up with the monies.

“Ransomware has become a billion dollar a year industry for cyber-criminals,” Proofpoint researchers said, in a blog. “In the case of the MarsJoke campaign described here, K12 educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections.”

Similarities with other known ransomware gives investigators the idea that a well-known botnet, Kelihos, is responsible for distributing the spam.

The subject message refers to a major national air carrier and package-tracking. It leads to an executable file named "file_6.exe" hosted on various sites with recently registered domains.

“This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware,” the researchers said.

Source: Info Security