• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 5th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » MarsJoke Ransomware Targeting Educational, Government Agencies

MarsJoke Ransomware Targeting Educational, Government Agencies

September 27th, 2016 Agan Uzunovic Malware, Security 0 comments
MarsJoke Ransomware Targeting Educational, Government Agencies
Share on FacebookShare on Twitter
The Primary target of MarsJoke Ransomware is .EDU and .GOV Entities.

Ransomware has become a multi-billion dollar industry and every week we come face-to-face with one type of ransomware scam or another. MarsJoke is the latest campaign to hit the governmental agencies and educational institutions and it is something that you need to know about.

There is a string identified in the coding of this new ransomware, which reads “HelloWorldItsJokeFromMars.” This is what inspired the name of the new ransomware creating havoc on the internet nowadays. MarsJoke represents a large-scale email phish campaign the key targets of which are local and federal government agencies and academic institutions within the United States.

[q]Hello World Its Joke From Mars[/q]

According to Proofpoint researchers, “K12 educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections.”

[linkformat][/linkformat]

The infected user needs to pay a ransom of 0.7BTC, which is an equivalent of $320, within 96hours. If the said time expires, the files will be deleted. According to Proofpoint researchers, “K12 educational institutions and state and local governments are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections.”

Must Read: This Ransomware Exposes Users’ Location Data on the Internet

A screenshot shared by Proofpoint shows the readme file that comes with the ransomware:

marsjoke-ransomware-targeting-educational-institutions-government-agnecies

Image Source: ProofPoint

Also Read: Hackers Selling FUD Stampado Ransomware for Just $39

In a blog post, Proofpoint researchers explained that this new ransomware is quite similar to the CryptFile2 campaigns but from the way it operates, it is similar to CTB-Locker. This means the botnet Kelihos is playing a part in distributing the spam.

This particular campaign was discovered by ProofPoint on September 22, and it was learned that this email campaign utilizes a range of subject lines referencing a high profile national air carrier and package tracking. These steps make the campaign look legit. There are URLs contained in the emails that have links to an executable file named as file_6.exe. However, experts believe that apart from attacking government and K-12 educational institutions, some healthcare, insurance, and telecommunication companies have also been targeted by MarsJoke. Mostly, it has been observed, that the ransomware targets companies and agencies that cannot ignore threats like these.

As per the observation of ProofPoint, the computers affected by MarsJoke turn their Windows desktop background to black screen and the ransom message gets displayed in a dialogue box along with the message that “documents, scripts, photos and other important files have been encrypted with strongest encryption algorithm AES-265 and unique key, generated by this computer.”

marsjoke-ransomware-targeting-educational-institutions-government-agnecies-2

Image Source: ProofPoint

[fullsquaread][/fullsquaread]

Must Read: The Nastiest of all Ransomware Mamba Encrypts Entire Hard Drive

This shows, the ransom message appears in English language but ProofPoint researchers have also noted Russian, Spanish, Ukrainian and Italian messages.

[src src=”Source” url=”https://www.proofpoint.com/us/threat-insight/post/MarsJoke-Ransomware-Mimics-CTB-Locker”]ProofPoint[/src]

[src src=”Image Source” url=”https://www.nasa.gov/sites/default/files/thumbnails/image/df-20457_rv2.jpg”]NASA[/src]

  • Tags
  • Bitcoin
  • Cyber Crime
  • Goverment
  • hacking
  • internet
  • Malware
  • Privacy
  • Ransomware
  • security
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Voters' Database of 2.9 Million State of Louisiana Natives Leaked Online
Next article OS X devices targeted by APT28 group with new Trojan called Komplex
Agan Uzunovic

Agan Uzunovic

Agan Uzunovic is a Bosnian journalist who is working for the country's largest newspaper. He has a keen interest in reporting on activism and hacktivism. He is also a contributor at U.S based Revolution News media. Agan reports and writes for HackRead on IT security related topics.

Related Posts
Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

Flawed Implementation of RCS Standard putting data of millions at risk

Flawed Implementation of RCS Standard putting data of millions at risk

This Smartwatch is exposing real-time location data of thousands of kids

This Smartwatch is exposing real-time location data of thousands of kids

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors
Cyber Attacks

Chinese DDoS tool Great Cannon resurfaces to target Hong Kong protestors

102
Flawed Implementation of RCS Standard putting data of millions at risk
Security

Flawed Implementation of RCS Standard putting data of millions at risk

355
3 arrested, 30,000+ piracy sites shut down in global operation IOSX
News

3 arrested, 30,000+ piracy sites shut down in global operation IOSX

533
This Smartwatch is exposing real-time location data of thousands of kids
Privacy

This Smartwatch is exposing real-time location data of thousands of kids

2409

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us