MarioLocker Ransomware
Posted: November 28, 2019
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 9 |
| First Seen | November 29, 2019 |
| Last Seen | September 10, 2021 |
| OS(es) Affected | Windows |
The MarioLocker Ransomware is a file-locking Trojan that can block files by encrypting their contents and changing their names. Users should keep backups as a precautionary defense, although some samples of the MarioLocker Ransomware may provide (or claim to provide) either premium or free decryption solutions. Many anti-malware programs should also be able to detect the MarioLocker Ransomware and delete it immediately.
Getting Wasted in a Bad Way
Another file-locking Trojan without a Ransomware-as-a-Service heritage might seem like a rhyming verse in the song begun by threats like the SaveTheQueen Ransomware, the Sun Ransomware or the JesusCrypt Ransomware. The MarioLocker Ransomware is a little different from them, though – both in its visuals and in less-obvious effects. Whether these divergences make a difference or not, however, might be irrelevant to the victims struggling against its traditional encryption feature.
Encryption is a typical function of both legitimate programs and Trojans; the latter use it to block documents and other files automatically. In most instances, the encryption isn't reversible without a key that the attacker owns, although malware experts haven't examined the MarioLocker Ransomware's security. The MarioLocker Ransomware currently also wipes each file's entire name and adds a numbered 'wasted' extension at the end, which is the only text that remains.
The oddity of its file name edits carries over to the MarioLocker Ransomware's ransom note. This Notepad message is in English, with grammar errors, and isn't from a template, such as those of a Ransomware-as-a-Service like the Dharma Ransomware. It recommends opening a decryption-related file that it drops on the disk, although this file may or may not be a genuine decryptor that could unlock one's data.
Taking Mario Out to the Cleaners
While the MarioLocker Ransomware's visual symptoms differ from the norm, as a Trojan it also has some 'under the hood' attacks that malware experts stress as a concern. It disables some Windows tools, like the Command Prompt, the Task Manager, and the Registry Editor, which could otherwise help users detect the Trojan, remove it, or mitigate its attacks. It also reads Internet cache settings, modifies various certificates, including system ones, and hides some of its components in the Windows directory.
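A triage check for the disabled tools and the renamed files described above, as an added example that is not from the original page. It assumes the tools were disabled through the standard Windows policy registry values (the page does not name the mechanism) and that a locked file's whole name is 'wasted' plus digits with an optional leading dot (the page gives no exact format); `Get-DisabledToolPolicy` and `Find-WastedFile` are hypothetical helper names.

```powershell
# Added triage example, not from the original page.
# Assumption: the tools were disabled via the standard Windows policy values
# listed here; the page does not say which mechanism the Trojan uses.
$policyChecks = @(
    @{ Tool = 'Task Manager';    Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' }
    @{ Tool = 'Registry Editor'; Path = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' }
    @{ Tool = 'Command Prompt';  Path = 'Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' }
)

function Get-DisabledToolPolicy {
    # Check both the per-user and the machine-wide hive for each policy value.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($check in $policyChecks) {
            $key  = '{0}\{1}' -f $hive, $check.Path
            $prop = Get-ItemProperty -Path $key -Name $check.Name -ErrorAction SilentlyContinue
            # A missing value or a value of 0 means the tool is not restricted by policy.
            if ($null -ne $prop -and $prop.($check.Name) -ne 0) {
                [pscustomobject]@{
                    Tool  = $check.Tool
                    Key   = $key
                    Value = $check.Name
                    Data  = $prop.($check.Name)
                }
            }
        }
    }
}

function Find-WastedFile {
    param([string]$Root = $env:USERPROFILE)
    # Assumption: the entire file name is an optional dot, 'wasted', then digits.
    # Adjust the pattern once a real sample name is available.
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\.?wasted\d+$' } |
        Group-Object DirectoryName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Report policy values that restrict the tools, then the directories
# holding the most files that match the assumed name pattern.
Get-DisabledToolPolicy | Format-Table -AutoSize
Find-WastedFile | Format-Table -AutoSize
```

Any row from `Get-DisabledToolPolicy` on a machine where no administrator set those policies is worth investigating, and the per-directory counts from `Find-WastedFile` show which folders need restoring from backup.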
Until decryption's feasibility is determinable, users can protect documents, pictures, and similar files most effectively by copying them over to an appropriately-secure backup device. Fortunately, the MarioLocker Ransomware hasn't been spotted removing local backups. However, deleting locally-accessible backup content is a feature of nearly every dominant force in the file-locking industry today.
Anti-malware products may prevent infections by spotting this Trojan beforehand, although they also should delete the MarioLocker Ransomware without obstacles. The Trojan doesn't, unlike some threats, include any anti-malware or AV products in its software-disabling blacklist.
The MarioLocker Ransomware is an exciting little project by some threat actor whose likely plan is extortion. What the MarioLocker Ransomware wants, or how much, is, sadly, an unknown quantity that the future must reveal.