
MARRACRYPT Ransomware

Posted: March 5, 2020

The MARRACRYPT Ransomware is a file-locking Trojan that's a variant of the previous Hermes Ransomware. Symptoms of infections include problems with opening the files that it encrypts, different extensions appearing on filenames, and a campaign-specific HTML message with ransom demands. Users with a secure backup should find recovery of lost data easy, and high-quality anti-malware programs can remove the MARRACRYPT Ransomware in nearly all cases.

A One-Way 'Friendship' with Defunct Deities

A threat actor's campaign is giving a new coat of paint to the Hermes Ransomware, a lesser-known file-locking Trojan with a Greek mythological theme. Although variants of this progenitor software do exist, such as the Ryuk Ransomware and the RYK Ransomware, the MARRACRYPT Ransomware is one of the few such variants circulating in 2020. The .NET Framework program endangers most Windows systems with the traditional three-hit combo of encrypting media, removing their backups and dropping a ransom note to extort money.

So far, malware researchers can confirm only a single disguise for the MARRACRYPT Ransomware: fake Svchost components for Windows that provide it with some deniability while it conducts its attacks. The Trojan's infection pathways are currently unknown. Criminals might be introducing the threat to a network after brute-forcing admin logins, or through more duplicitous methods such as spam e-mails or misnamed torrents.

The MARRACRYPT Ransomware encrypts the user's work and personal files, such as documents, pictures, and other media formats, and then destroys the Restore Point backups with a silently executed CMD command. Users can, however, find the non-opening files easily by searching for the 'MARRA' extensions and bracketed e-mail addresses that the Trojan appends to their names. The name change is an apparent reference to a British slang term for 'friend,' making the MARRACRYPT Ransomware an ironically-dubbed campaign.
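For incident responders inventorying a hit system, the renaming habit described above (bracketed e-mail address plus a 'MARRA' extension) is enough to build a quick triage script. The following is an added example, not code from the original article or from the Trojan's analysts; the exact filename layout it parses (`original[email].MARRA`) and the sample listing are assumptions constructed for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed renaming layout (the page describes the parts, not the exact order):
#   original.ext[contact@address].MARRA
MARRA_NAME = re.compile(
    r"^(?P<original>.+?)\[(?P<email>[^\[\]\s@]+@[^\[\]\s@]+)\]\.MARRA$",
    re.IGNORECASE,
)


def parse_encrypted_name(path):
    """Return (original_name, contact_email) for a MARRACRYPT-style name, else None."""
    m = MARRA_NAME.match(PureWindowsPath(path).name)
    if not m:
        return None
    return m.group("original"), m.group("email").lower()


def triage(paths):
    """Collect renamed files and summarise them by contact address and file type."""
    hits, emails, types = [], Counter(), Counter()
    for p in paths:
        parsed = parse_encrypted_name(p)
        if parsed is None:
            continue  # untouched file, or a bracket that is not an e-mail
        original, email = parsed
        hits.append((p, original, email))
        emails[email] += 1
        types[PureWindowsPath(original).suffix.lower() or "<none>"] += 1
    return {"hits": hits, "emails": dict(emails), "types": dict(types)}


# Constructed sample directory listing (not real victim data)
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx[restore@example.test].MARRA",
    r"C:\Users\alice\Pictures\holiday.jpg[restore@example.test].MARRA",
    r"C:\Users\alice\Documents\notes.txt",                 # untouched
    r"C:\Users\alice\Desktop\photo[not-an-email].MARRA",   # no e-mail in brackets
    r"C:\Users\bob\Docs\plan.docx[RESTORE@EXAMPLE.TEST].marra",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, original, email in result["hits"]:
        print(f"{email}: {original} <- {path}")
    print(result["emails"], result["types"])
```

The per-address counter doubles as a quick way to pull the campaign's contact address out of a listing for the incident report.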

Extracting Your Files from a Questionable Relationship

The MARRACRYPT Ransomware includes a local Web page with an ID, an e-mail address, and a demand for Bitcoins for its unlocking service. It also proclaims itself to be version '1.0', without any reference to its ancestor, the Hermes Ransomware, possibly to make its encryption seem more secure than it actually is. Since the Hermes Decryptor is compatible with free decryption solutions, malware experts suggest testing copies of encrypted data with them before taking any risks with ransom payments.

Backup availability is also a linchpin in recovering from attacks by the MARRACRYPT Ransomware or any of the other Ransomware-as-a-Services that it resembles, such as the Scarab Ransomware, the Globe Ransomware and others. Saving backups to physically disconnected devices, or to ones with extra security (password protection, admin restrictions, etc.), can remove all danger of media loss from MARRACRYPT Ransomware infections. Infection prevention by practical methods, like avoiding torrents and disabling advanced document content, is also necessary for all at-risk Windows environments.

The MARRACRYPT Ransomware shows no exceptional evasion capabilities so far. Any competent anti-malware program should uninstall the MARRACRYPT Ransomware or, preferably, stop its installation exploit in its tracks.

The MARRACRYPT Ransomware is only a 'friend' to the criminal using it to pad his bank account, and it offers no benefit as software to the users whose PCs it runs on. As a purely destructive program, it shows just how much harm can come out of misusing the .NET Framework – and this abuse is going to continue until the profit evaporates.
