Home Malware Programs Ransomware JokeFromMars Ransomware

JokeFromMars Ransomware

Posted: September 20, 2016

Threat Metric

Ranking: 11,855
Threat Level: 8/10
Infected PCs: 63
First Seen: September 20, 2016
Last Seen: September 17, 2021
OS(es) Affected: Windows

The JokeFromMars Ransomware is a Trojan that encrypts your files and then generates a Mars-themed ransom message on your desktop. This attack solicits ransom payments for decrypting and restoring your content back to normal, although most PC users should avail themselves of other solutions, such as using a backup. Your anti-malware software should be capable of finding and uninstalling the JokeFromMars Ransomware, like most data encoding Trojans, before its payload finishes.

A Cosmic Joke on Your File System

Thanks to the ready availability of both free code (such as Hidden Tear) and rental 'kits' that enable the construction of new Trojans from a baseline template, con artists are quick to launch new threat campaigns utilizing file encryption as their attack strategy of choice. Most samples include new themes and slight differences in how they format their extortion demands, but, for the victim, continue offering the same dangers as always. The JokeFromMars Ransomware, like many ransomware-based Trojans before it, leverages encryption technology for blocking your data while using a combination of text, advanced HTML, and static images to profit off of the situation.

The JokeFromMars Ransomware scans the infected for non-Windows OS files and encrypts them using an unknown (but most likely AES-derived) algorithm, preventing other programs from using them. Unlike most file encryption-based threats, malware experts have yet to connect any customized extensions to the JokeFromMars Ransomware, such as the usual '.encrypted' or '.locked' strings.

After a successful encryption attack, the JokeFromMars Ransomware resets the desktop wallpaper to a static file it provides, delivering both a Mars-themed image and an extortion message for letting you buy back your files. The overall structure of the JokeFromMars Ransomware's ransom demands continues relying on the TOR-based anonymity and Bitcoin transactions, both of which are current standards for threatening data encryption campaigns. Some variants also may deviate from the above by delivering extraneous instructions via a Notepad text or advanced HTML pop-up windows, although malware experts can't confirm this with the current samples of the JokeFromMars Ransomware.

Blasting the JokeFromMars Ransomware Back Off to Space

By encoding the contents of your hard drive until you make a payment, the JokeFromMars Ransomware creates the digital equivalent of a hostage crisis. However, much like real hostage-takers, giving in to the JokeFromMars Ransomware's demands may result in undesirable consequences, such as being given a badly-coded decryptor that can cause more damage to your already enciphered content. Making backups of your content and storing it on an external server or device remains the method by which malware experts can most strongly recommend protecting your data from the JokeFromMars Ransomware's encryption attacks.

The JokeFromMars Ransomware's infection methods are most likely using disguised downloads, such as e-mail attachments or mislabeled social networking links, for targeting new victims. Avoid downloads from potentially risky sources and double-check any suspicious files with your anti-malware tools, which should be able to identify the JokeFromMars Ransomware's installers before the Trojan can begin encrypting any information. There are no visual symptoms associated with the JokeFromMars Ransomware's installation and payload that occur until after its encryption finishes, putting the stress, as usual, on preventative security protocols.

While your anti-malware products can remove the JokeFromMars Ransomware on a case by case basis, they can't decode enciphered files. Surf the Web with the same healthy degree of caution and respect that a scientist would use while examining the surface of a dead planet and the JokeFromMars Ransomware should continue collecting a minimum of ransoms.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to JokeFromMars Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.