Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


MarsJoke Ransomware’s Encryption is Flawed, Decryption Key Easily Created

MarsJoke ransom software whose other names are Polyglot and JokeFromMars represents one ransomware family which made its debut in the second last week of September 2016. The malware proliferated through spam mails and targeted K-12 educational and government sectors.

While being pretty active, MarsJoke has drawn many independent security investigators' attention, nevertheless certain major security companies namely Kaspersky and Proofpoint too noticed it.

The ransomware' developers have committed a very big mistake i.e. in the implementation of the malware's so-called arbitrary number generator. According to researchers, one random string, which is weak, inside the main number generator is possibly cracked. Thus they are facilitated with hunting probable keys in a bunch that the generator produces within merely some minutes on an ordinary computer. Threatpost.com posted this, October 3, 2016.

After locking files on a victim's machine, MarsJoke presents one holding page telling the victim he has to make a fee payment so that a decryption code would unlock the files and return him access to them.

Notably, MarsJoke contaminates computers via spam mails that contain harmful RAR archives as attachments. Once the ransomware infects a PC, it blocks the end-user from accessing his data-files followed with substituting his desktop wallpaper by a demand notice for the ransom that requires being paid in the Bitcoin cryptocurrency.

Researchers' curiosity in Polyglot at all aroused because its cryptor shares likewise characteristics with the CTB-Locker ransomware. The missives that Polyglot exhibits accurately resemble those from CTBLocker. Moreover, the payment page, language switch, graphical interface and technique to ask for the encryption code everything are shared likewise.

Meanwhile, Kaspersky elaborates that MarsJoke's developer has committed a mistake during the development of the malware's module that was meant for producing the encryption code. That's good because the researchers were then able to construct the decryptor. According to Kaspersky Lab, there was flaw within MarsJoke's encryption.

The security vendor's main objective is for helping the ransomware's victims regain their encrypted files while not paying to the crooks. Currently, MarsJoke's victims can retrieve their files devoid of any charge, however, incase the malicious ware is updated then the decryptor key mightn't be sufficiently helpful.

» SPAMfighter News - 10/10/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page