JokeFromMars Ransomware
Posted: September 20, 2016
Threat Metric
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 96 |
| First Seen: | September 20, 2016 |
| Last Seen: | April 27, 2023 |
| OS(es) Affected: | Windows |
The JokeFromMars Ransomware is a Trojan that encrypts your files and then generates a Mars-themed ransom message on your desktop. This attack solicits ransom payments for decrypting and restoring your content back to normal, although most PC users should avail themselves of other solutions, such as using a backup. Your anti-malware software should be capable of finding and uninstalling the JokeFromMars Ransomware, like most data encoding Trojans, before its payload finishes.
A Cosmic Joke on Your File System
Thanks to the ready availability of both free code (such as Hidden Tear) and rental 'kits' that enable the construction of new Trojans from a baseline template, con artists are quick to launch new threat campaigns utilizing file encryption as their attack strategy of choice. Most samples include new themes and slight differences in how they format their extortion demands, but, for the victim, continue offering the same dangers as always. The JokeFromMars Ransomware, like many ransomware-based Trojans before it, leverages encryption technology for blocking your data while using a combination of text, advanced HTML, and static images to profit off of the situation.
The JokeFromMars Ransomware scans the infected PC for non-Windows OS files and encrypts them using an unknown (but most likely AES-derived) algorithm, preventing other programs from using them. Unlike with most file encryption-based threats, malware experts have yet to connect any customized extensions, such as the usual '.encrypted' or '.locked' strings, to the JokeFromMars Ransomware.
After a successful encryption attack, the JokeFromMars Ransomware resets the desktop wallpaper to a static file it provides, delivering both a Mars-themed image and an extortion message for letting you buy back your files. The overall structure of the JokeFromMars Ransomware's ransom demands continues to rely on TOR-based anonymity and Bitcoin transactions, both of which are current standards for threatening data encryption campaigns. Some variants may also deviate from the above by delivering extraneous instructions via a Notepad text file or advanced HTML pop-up windows, although malware experts can't confirm this with the current samples of the JokeFromMars Ransomware.
Blasting the JokeFromMars Ransomware Back Off to Space
By encoding the contents of your hard drive until you make a payment, the JokeFromMars Ransomware creates the digital equivalent of a hostage crisis. However, much like with real hostage-takers, giving in to the JokeFromMars Ransomware's demands may result in undesirable consequences, such as being given a badly-coded decryptor that can cause more damage to your already enciphered content. Making backups of your content and storing them on an external server or device remains the method that malware experts most strongly recommend for protecting your data from the JokeFromMars Ransomware's encryption attacks.
The JokeFromMars Ransomware's infection methods most likely use disguised downloads, such as e-mail attachments or mislabeled social networking links, for targeting new victims. Avoid downloads from potentially risky sources and double-check any suspicious files with your anti-malware tools, which should be able to identify the JokeFromMars Ransomware's installers before the Trojan can begin encrypting any information. No visual symptoms associated with the JokeFromMars Ransomware's installation and payload occur until after its encryption finishes, putting the stress, as usual, on preventative security protocols.
While your anti-malware products can remove the JokeFromMars Ransomware on a case by case basis, they can't decode enciphered files. Surf the Web with the same healthy degree of caution and respect that a scientist would use while examining the surface of a dead planet and the JokeFromMars Ransomware should continue collecting a minimum of ransoms.