Ransomware From Mars
Posted by: Timothy Weaver on 09/27/2016 09:48 AM
MarsJoke is the latest ransomware on the malware scene. It gets its name from a phrase in the source code: “HelloWorldItsJokeFromMars.”
It is being distributed by a massive email campaign targeting state and local government agencies and educational institutions in the United States. Once a machine is infected, the ransomware demands a ransom of 0.7 BTC, or about $320, and gives the victim 96 hours to pay.
“Ransomware has become a billion dollar a year industry for cyber-criminals,” Proofpoint researchers said in a blog post. “In the case of the MarsJoke campaign described here, K12 educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections.”
Similarities with other known ransomware lead investigators to believe that a well-known botnet, Kelihos, is responsible for distributing the spam.
The email subject line refers to a major national air carrier and package tracking. The message leads to an executable file named "file_6.exe" hosted on various sites with recently registered domains.
“This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware,” the researchers said.
Source: Info Security