Malware News Wasted: Kaspersky makes jokers of upstart ransomware VXers

omidomi

Apr 5, 2014
Kaspersky has released a decryption tool that neuters the MarsJoke ransomware, less than a month after it was first revealed.

The decryption effort is salvation for victims who are told they have 96 hours to pay the 0.7 Bitcoin (US$427) ransom before their data is permanently encrypted.

MarsJoke, also known as Polyglot, spreads through spam bearing compressed .rar attachments.

When executed, the ransomware encrypts files and demands payment before the trojan deletes itself and decryption is no longer possible.

Kaspersky says while MarsJoke bears the iconography of the polished and well-known CTB-Locker ransomware, including the same payment processes, wallpapers, and landing pages, its code is of poor quality.

"The Polyglot ransomware mimics CTB-Locker in nearly every way," researchers say.

"The creators of Polyglot apparently thought that by mimicking CTB-Locker they could trick users, and make them think they are suffering from serious malware, leaving them with no option other than to pay the criminals.

"... after proper analysis, Kaspersky Lab experts haven't found any similarities between their malware codes."

Kaspersky Lab senior malware analyst Anton Ivanov says the MarsJoke authors made an unspecified implementation error allowing the white hats to lay waste to the net menace.

Many ransomware upstarts have been trashed thanks to borked encryption implementation mistakes which are exploited by white hat researchers.

Others make the devastating mistake of rolling their own dodgy encryption schemes, while the laziest VXers simply try to scare users into paying for decryption keys already hardcoded into ransomware code.

The anti-ransomware effort has been formalised into the NoMoreRansom alliance, which unifies a formerly scattered and siloed, but furious, effort by malware researchers to lay ruin to scores of ransomware variants, leaving a scant few including the latest Cryptxxx and Cryptowall unbroken.

Researchers recently scalped the Wildfire ransomware, uploading more than 1600 decryption keys to the initiative.

Victims who cannot decrypt their ransomware infections should also try Trend Micro's continually updated decryption tool.

Criminals can net a conservative US$84,000 a month slinging ransomware for an investment of $6000, a whopping 1425 per cent profit margin, Trustwave found last year.

The MarsJoke decryption tool can be downloaded from Kaspersky. ®
 
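The article names two of the implementation mistakes that let researchers build decryptors: a home-rolled cipher, and a decryption key hardcoded into the executable. The following is an added illustration, not code from the article, from Kaspersky, or from any real ransomware family; the toy ciphers, the sample PNG-like file, the fake executable and the key values are all constructed. It shows the defender's side only: given a few fixed bytes that every PNG file starts with, a repeating-key XOR scheme gives up its key directly, and a sound keystream whose key is embedded in the binary is found by scanning the binary and validating each candidate against that known header.

```python
import hashlib
import random

# Every PNG begins with an 8-byte signature followed by the IHDR chunk header,
# whose length (13) and type are fixed: 16 bytes of known plaintext at offset 0.
PNG_KNOWN_PREFIX = b"\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
PNG_TRAILER = b"IEND\xaeB`\x82"  # the last 8 bytes of every PNG file


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Constructed 'home-rolled' cipher: XOR with a repeating key (its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def hash_ctr(data: bytes, key: bytes) -> bytes:
    """Constructed stand-in for a proper stream cipher: keystream block i is
    SHA-256(key || i). Known plaintext reveals keystream bytes, not the key."""
    out = bytearray()
    for blk in range(0, len(data), 32):
        ks = hashlib.sha256(key + (blk // 32).to_bytes(8, "big")).digest()
        out += xor_repeating(data[blk:blk + 32], ks)
    return bytes(out)


def make_sample_png(payload_len: int = 200, seed: int = 7) -> bytes:
    """Constructed victim file: genuine PNG prefix and trailer, random filler between."""
    rng = random.Random(seed)
    body = bytes(rng.randrange(256) for _ in range(payload_len))
    return PNG_KNOWN_PREFIX + body + PNG_TRAILER


def recover_xor_key(ciphertext: bytes, known_prefix: bytes = PNG_KNOWN_PREFIX,
                    max_key_len: int = 16):
    """Known-plaintext recovery against repeating-key XOR.
    ct XOR known plaintext = keystream; the shortest period of that keystream that
    also decrypts the file trailer correctly is the key (a key such as b'abab' is
    returned as its shortest period b'ab', which decrypts identically)."""
    stream = xor_repeating(ciphertext[:len(known_prefix)], known_prefix)
    for k in range(1, max_key_len + 1):
        if all(stream[i] == stream[i % k] for i in range(len(stream))):
            candidate = stream[:k]
            if xor_repeating(ciphertext, candidate).endswith(PNG_TRAILER):
                return candidate
    return None


def find_hardcoded_key(binary: bytes, ciphertext: bytes, key_len: int,
                       known_prefix: bytes = PNG_KNOWN_PREFIX):
    """Slide a key_len window over the executable image; a window is the key when
    it turns the first ciphertext bytes back into the known header. Returns
    (offset, key) or None."""
    for off in range(len(binary) - key_len + 1):
        candidate = binary[off:off + key_len]
        if hash_ctr(ciphertext[:len(known_prefix)], candidate) == known_prefix:
            return off, candidate
    return None


def make_fake_binary(key: bytes, seed: int = 3) -> bytes:
    """Constructed stand-in for a ransomware executable: junk with the key embedded."""
    rng = random.Random(seed)

    def junk(n):
        return bytes(rng.randrange(256) for _ in range(n))

    return junk(500) + b"\x00\x00" + key + junk(300)  # key lands at offset 502


def demo() -> dict:
    """Run both recoveries on constructed data and return checkable results."""
    plain = make_sample_png()

    # Mistake 1: repeating-key XOR. The 16 known header bytes expose the key outright.
    weak_key = b"qwerty"                      # constructed value
    ct1 = xor_repeating(plain, weak_key)
    xor_key = recover_xor_key(ct1)

    # Mistake 2: sound keystream, but the key is hardcoded in the executable.
    hard_key = b"constructed-key!"            # constructed value, 16 bytes
    ct2 = hash_ctr(plain, hard_key)
    found = find_hardcoded_key(make_fake_binary(hard_key), ct2, len(hard_key))

    return {
        "xor_key": xor_key,
        "xor_recovered": bool(xor_key) and xor_repeating(ct1, xor_key) == plain,
        "hardcoded_offset": found[0] if found else None,
        "hardcoded_recovered": bool(found) and hash_ctr(ct2, found[1]) == plain,
    }


if __name__ == "__main__":
    print(demo())
```

Both checks rely on the same defender-side fact: the first bytes of common file formats are known, so a decryptor can validate a candidate key without any ransomware author's cooperation. A scheme with a properly generated per-victim key that never leaves the attacker's server offers no such foothold, which is why the article's "scant few" remain unbroken.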

Der.Reisende

Dec 27, 2014
Good Job Kaspersky, keep it up :)
Thank you for that interesting share @omidomi :)