
Mars Ransomware

Posted: April 25, 2019

The Mars Ransomware is a file-locking Trojan that can block your computer's text documents, archives, pictures and other media formats. This Trojan is particularly threatening to Windows users who don't keep properly secured backups on secondary devices. Have an anti-malware service identify and stop its installation when possible, or use it to remove the Mars Ransomware as soon as practical afterward to keep any more files from becoming encrypted.

A Red Planet Suddenly Becomes Your Files' Problem

The Major Ransomware, a conventional type of file-locker Trojan that shares ransoming components with Cube Ransomware, is taking on a new name for its attacks against vulnerable PC owners. This variant is called the Mars Ransomware and may be distributed either by the same criminal using new accounts or by a different group. Its attack, however, offers little other than superficial embellishments to the well-established practice of holding computer data hostage for money.

The Mars Ransomware is, interestingly, using infection vectors that are affecting Windows users in Palestine, although it's not likely that it's targeting that country exclusively. After compromising the computer, it searches for encryptable files, which generally excludes any part of the operating system, but includes the user's pictures, documents, spreadsheets, archives, and, in some cases, even program executables. It also changes filenames by adding a serial, one of the threat actor's e-mail addresses (without the traditional bracket enclosure) and a '.mars' extension.

The Mars Ransomware's most blatant point of correlation with the Major Ransomware is, as with the Cube Ransomware, its ransoming message, which is a plain text file, but without any extension other than the Trojan's '.mars' one. While the instructions tell users about purchasing Bitcoins, they don't give a price or a wallet, and, instead, recommend contacting one of the e-mail accounts for the threat actor's help. While malware analysts find no available, public decryptor for the Mars Ransomware's minor family, victims should always attempt every other possibility before paying criminals for an uncertain service.
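
For responders scoping an incident, the filename markers described above can be turned into a quick triage check. The script below is an added example, not code from the original article or from any vendor tool: it walks a directory tree, collects files ending in '.mars', separates likely plain-text ransom notes from locked data, and tallies any e-mail address found in the names. The function names and the assumption that the address appears as a dot-delimited token in the file name are illustrative, since the article does not give the exact name layout.

```python
import os
import re
import sys
from collections import Counter

EXTENSION = ".mars"
# Assumption: the contact address is embedded in the file name as a
# dot-delimited token; the page does not give the exact order or separators.
EMAIL_RE = re.compile(r"[A-Za-z0-9_%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def looks_like_text(path, sample_size=2048):
    """Heuristic: a ransom note is plain text, an encrypted file is not."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if not sample:
        return False
    printable = sum(1 for b in sample if b in (9, 10, 13) or 32 <= b < 127)
    return printable / len(sample) > 0.95

def triage(root):
    """Walk root and sort '.mars' files into likely notes and locked files."""
    report = {"encrypted": [], "notes": [], "contacts": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSION):
                continue
            path = os.path.join(dirpath, name)
            match = EMAIL_RE.search(name[: -len(EXTENSION)])
            if match:
                report["contacts"][match.group(0).lower()] += 1
            try:
                is_text = looks_like_text(path)
            except OSError:
                is_text = False  # unreadable: count it as locked data
            report["notes" if is_text else "encrypted"].append(path)
    return report

if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"locked files: {len(result['encrypted'])}")
    for note in result["notes"]:
        print(f"possible ransom note: {note}")
    for address, count in result["contacts"].most_common():
        print(f"address in file names: {address} ({count} files)")
```

The text heuristic counts only ASCII characters, so a note written in another script would be listed as locked data and should be checked by hand.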

Escaping the Orbit of a Mars Ransomware Attack

Victims of the Mars Ransomware's attacks may not have a readily available decryption solution that can directly undo the encryption that makes their files illegible. As an alternate means of recovery, all users can keep their backups on safe drives that aren't at risk from the attacks of file-locking Trojans, which can target even unmapped network shares and erase local backup information. Ideally, malware experts advise saving files to a removable device or a cloud server with appropriate security protocols for any file-writing privileges.

The cost of the Mars Ransomware ransom may be undefined, but most file-locking Trojans use infection strategies that any user can easily prevent. Adhering to appropriate password management, updating all software when it's appropriate, and deactivating features like Word macros or browser JavaScript will offer protection from a drive-by-download infection. Anti-malware utilities should delete the Mars Ransomware with little difficulty since it lacks the kernel-level persistence of a rootkit or much in the way of obfuscation.

That the Mars Ransomware is endangering Middle Easterners raises the question of how specialized its infection techniques might be, which could include regional references in documents or highly specific language choices. However, malware experts find file-locking Trojan attacks all over the world, and national borders aren't of much concern to an extortionist.
