The file-locking malware known as ransomware is the biggest security threat this year. Researchers are saying that the total damage cost wrought by this terrible strain of malicious software may reach $1 billion in 2016 alone.
Due to its profitability, ransomware is becoming the common cybercriminal's favorite method of attack - it's easy to mass deploy, payoffs can be substantial, and with the use of Bitcoin as currency, payment exchanges can be virtually anonymous.
Ransomware is also constantly evolving, making it harder for security software to detect. With ever-changing infection tactics, newer encryption methods and decryption keys, it is a never-ending cat-and-mouse game as security companies and law enforcement agencies try to keep up with all the emerging ransomware variants being pumped out every day.
Now, one of these newly discovered variants is especially aggressive. This new type won't even give you time to think - it threatens to delete your files if you don't pay the ransom within 96 hours.
Dubbed "MarsJoke" by security researchers from Proofpoint, it is said to be targeting government and educational institutions in the U.S. for now but it could expand to include large/small businesses and individuals in the near future. The name comes from a string contained within the malware's code: "HelloWorldItsJokeFromMars."
First discovered on September 22, MarsJoke is currently distributed via emails claiming to carry tracking information from an airline, which of course contain a malicious link that deploys the ransomware.
The email reads:
"my dear customer, we are glad to let you be aware that your postal parcel #233526573 has been dispatched. in case you are out to check up your postal parsel and keep an eye on the pathway of this parcel, make no difficulty to use the tracking number provided in the file below."
The awkwardly translated English should be a dead giveaway that it's fraudulent, but clicking on the provided link will take the victim to a URL hosting the "file_6.exe" executable, which launches the ransomware. By linking directly to the executable, MarsJoke's delivery differs slightly from other ransomware variants, such as Locky, which use malicious document attachments to infect machines.
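Because the article's distinguishing detail is a lure that links straight to an executable rather than attaching a document, a mail filter can flag that pattern before a user ever sees the link. The following Python snippet is an added example, not code from the article or from Proofpoint; the domain in the sample message is a constructed placeholder, and the extension list and `flag_message` helper are my own choices.

```python
import re
from urllib.parse import urlparse

# Extensions that have no business arriving as a direct download link in a
# "parcel tracking" e-mail; the MarsJoke lure pointed straight at file_6.exe.
# Assumption: this list is illustrative, not exhaustive.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".js", ".vbs", ".jar"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL in a message body, trailing punctuation stripped."""
    return [u.rstrip(".,;)") for u in URL_RE.findall(text)]


def is_direct_executable_link(url):
    """True when the URL path ends in an extension from EXECUTABLE_EXTENSIONS.

    Only the path is inspected, so a benign tracking page with a query string
    (?number=...) is not mistaken for a download.
    """
    path = urlparse(url).path.lower()
    return any(path.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)


def flag_message(body):
    """Return (url, reason) pairs that a mail gateway should quarantine or alert on."""
    findings = []
    for url in extract_urls(body):
        if is_direct_executable_link(url):
            findings.append((url, "direct link to executable"))
    return findings


# Constructed sample messages. The lure text follows the wording quoted in the
# article; the domain is a hypothetical placeholder, not a real indicator.
LURE = (
    "my dear customer, your postal parcel #233526573 has been dispatched. "
    "use the tracking number provided in the file below: "
    "http://tracking-update.example.invalid/download/file_6.exe."
)
BENIGN = (
    "Your parcel has shipped. Track it at "
    "https://www.example.com/track?number=233526573"
)

if __name__ == "__main__":
    for name, body in (("lure", LURE), ("benign", BENIGN)):
        print(name, flag_message(body))
```

Run as a script it reports one finding for the lure and none for the benign notice. In a real gateway this check would sit alongside attachment scanning, since the same criminals switch freely between direct links and macro-laden documents.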
When the MarsJoke executable is launched, it starts encrypting the victim's files and drops various text and .bat files with instructions on how to unlock them. Scarier still, the target computer's desktop background is changed to an ominous image with a 96-hour countdown timer that threatens to permanently encrypt the victim's files if the ransom is not paid within the allotted time. The ransom demand appears to be 0.7 Bitcoin, equivalent to about $320.
MarsJoke's masters also provide a "convenient" help web panel page with instructions on how to get the Bitcoin currency for the ransom payment.
Although the researchers did not specify whether the malware follows through on its threat to delete or permanently encrypt the victim's files once the 96 hours expire, they say that because it's a new strain, there is currently no way to decrypt the files without paying the ransom.
As for why MarsJoke is aimed at government and educational institutions, the researchers say these organizations are seen as easy targets because they often lack the infrastructure and funding to deploy strong defenses, such as backups and security software, as safeguards against malware attacks.
Also, should you pay your ransomware attacker? Listen to our free Scared Sh!tless podcast posted below.
It's now clear that ransomware is becoming hackers' go-to choice. Whether you're aiming to protect yourself, your family or even your business, you need a solid plan of action. That's why it's critical that you follow these steps.
1. Stop ransomware at a distance: Your best option to defeat ransomware is to keep it off your computers in the first place. Keeping your operating system and web browser up to date is critical. Security holes in these areas can let hackers bypass your security software to slip files onto your system. Learn how to install the latest updates for Windows, and how to make your web browser hacker-proof.
2. Stop ransomware before it runs: If you end up with hidden ransomware in your inbox, that doesn't mean the game is over. In fact, there's a simple way to stop the ransomware before it starts: don't click anything that looks suspicious.
3. Have solid online security protection: This is a no-brainer. If you use the internet, then you need to have solid internet protection.