
Kaspersky releases decryption tool that kills the MarsJoke ransomware

October 5, 2016

Internet security firm Kaspersky Labs said today it has released a new decryption system that kills the MarsJoke ransomware. This is about three weeks after it was first discovered.

Kaspersky's initiative helps computer victims who are told they have 96 hours or less to pay the 0.7 Bitcoin (US $427) ransom before their data is permanently encrypted and taken hostage.

The MarsJoke ransomware is also known as Polyglot in some circles, and it spreads rapidly through a few spam messages bearing compressed .rar attachments. It's clever, but it isn't rocket science.

When executed on a victim's device, the worm encrypts files and demands payment before the trojan deletes itself and decryption is no longer possible.

Kaspersky warns that while MarsJoke bears the iconography of the popular 2016 CTB-Locker ransomware, including the same payment processes, wallpapers and landing pages, its code is of poor quality and therefore easy to counteract.

"The MarsJoke/Polyglot ransomware emulates the CTB-Locker virus in almost every way," the Kaspersky researchers assert.

"The creators of Polyglot apparently believed that by mimicking the CTB-Locker worm they could trick users and make them think they are suffering from serious malware, leaving them with no option other than to pay the cybercriminals.

"After careful and deep analysis, Kaspersky experts haven't found any similarities between their malware codes," the Russian security firm said.

Kaspersky senior malware analyst Anton Ivanov says the MarsJoke authors made an unspecified implementation error allowing white hats to kill the malware.

Many ransomware upstarts have been killed thanks to sloppy encryption implementation mistakes which are easily exploited by smart researchers/fixers.

Then, other malware creators make the huge mistake of rolling their own haphazard encryption schemes, while the laziest simply try to scare users into paying for decryption keys already hardcoded into their own ransomware code.

To be sure, the anti-ransomware initiative has been formalised into the NoMoreRansom alliance, which unifies the formerly scattered and siloed, however serious, efforts by malware researchers to destroy scores of ransomware variants, leaving a few other viruses, including the latest Cryptxxx and Cryptowall, unbroken.

Recently, security researchers also managed to tame the Wildfire ransomware, uploading more than 1600 decryption keys to the project.

Overall, cybercriminals can net a conservatively low US $80,000 to $84,000 a month by creating ransomware that will infect their victims' machines for a small investment of less than $6,2000, a huge 1425 percent profit margin. The MarsJoke decryption software can be downloaded from Kaspersky.

Source: Kaspersky Labs.

Copyright © Internet Security.ca