Mars Ransomware

Posted: April 25, 2019

Mars Ransomware Description

The Mars Ransomware is a file-locking Trojan that can block your computer's text documents, archives, pictures and other media formats. This Trojan is particularly threatening to Windows users who don't keep properly secured backups on secondary devices. Have an anti-malware service identify and stop its installation when possible, or use one to remove the Mars Ransomware as soon as practical afterward to keep any more files from becoming encrypted.

A Red Planet Suddenly Becomes Your Files' Problem

The Major Ransomware, a conventional type of file-locker Trojan that shares ransoming components with Cube Ransomware, is taking on a new name for its attacks against vulnerable PC owners. This variant is called the Mars Ransomware and may be distributed either by the same criminal using new accounts or by a different group. Its attack, however, offers little other than superficial embellishments to the well-established practice of holding computer data hostage for money.

The Mars Ransomware is, interestingly, using infection vectors that are affecting Windows users in Palestine, although it's not likely that it's targeting that country exclusively. After compromising the computer, it searches for encryptable files, which generally excludes any part of the operating system but includes the user's pictures, documents, spreadsheets, archives and, in some cases, even program executables. It also changes filenames by adding a serial, one of the threat actor's e-mail addresses (without the traditional bracket enclosure) and a '.mars' extension.

The Mars Ransomware's most blatant point of correlation with the Major Ransomware is, as with the Cube Ransomware, its ransoming message, which is a plain text file, but without any extension other than the Trojan's '.mars' one. While the instructions tell users about purchasing Bitcoins, they don't give a price or a wallet and, instead, recommend contacting one of the e-mail accounts for the threat actor's help. Although malware analysts find no publicly available decryptor for the Mars Ransomware's minor family, victims should always attempt every other possibility before paying criminals for an uncertain service.
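The renaming pattern and the extension-only ransom note described above can be used to triage a file listing from an affected host. The following is an added example, not code from the original article; the separators, the sample paths, the `contact@example.com` address and the `NOTE_PLACEHOLDER` name are constructed assumptions, since the article does not give the exact filename layout.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

EXT = ".mars"
# Heuristic (assumption): the separator is not documented, so the local part
# is taken as the last dot-free token before "@".
EMAIL_RE = re.compile(r"[A-Za-z0-9_%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def classify(path):
    """Return (kind, contact_email) for one Windows path string."""
    name = PureWindowsPath(path).name
    if not name.lower().endswith(EXT):
        return ("untouched", None)
    stem = name[: -len(EXT)]
    match = EMAIL_RE.search(stem)
    if match:
        # Renamed victim file: an e-mail address is embedded in the name.
        return ("renamed", match.group(0).lower())
    if "." not in stem:
        # No inner extension at all: candidate for the plain-text ransom note.
        return ("possible_note", None)
    return ("mars_other", None)

def triage(paths):
    """Summarise a listing: counts per kind, contact addresses, note candidates."""
    kinds, contacts, notes = Counter(), Counter(), []
    for p in paths:
        kind, email = classify(p)
        kinds[kind] += 1
        if email:
            contacts[email] += 1
        if kind == "possible_note":
            notes.append(p)
    return kinds, contacts, notes

# Constructed sample listing (not real indicators).
SAMPLE = [
    r"C:\Users\a\Documents\budget.xlsx.0A1B2C3D.contact@example.com.mars",
    r"C:\Users\a\Pictures\trip.jpg.0A1B2C3D.contact@example.com.mars",
    r"C:\Users\a\Desktop\tool.exe.0A1B2C3D.Contact@Example.com.mars",
    r"C:\Users\a\Desktop\NOTE_PLACEHOLDER.mars",
    r"C:\Users\a\Documents\notes.txt",
    r"C:\Windows\System32\kernel32.dll",
]

if __name__ == "__main__":
    kinds, contacts, notes = triage(SAMPLE)
    print(dict(kinds), dict(contacts), notes)
```

The per-address count helps confirm that one campaign renamed the files, and the note candidates are the files to preserve for analysis before cleanup.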

Escaping the Orbit of a Mars Ransomware Attack

Victims of the Mars Ransomware's attacks may not have a readily available decryption solution that can directly undo the encryption that makes their files illegible. As an alternate means of recovery, all users can keep their backups on safe drives that aren't at risk from the attacks of file-locking Trojans, which can target even unmapped network shares and erase local backup information. Ideally, malware experts advise saving files to a removable device or a cloud server with appropriate security protocols for any file-writing privileges.

The cost of the Mars Ransomware ransom may be undefined, but most file-locking Trojans use infection strategies that any user can easily prevent. Adhering to appropriate password management, updating all software when it's appropriate, and deactivating features like Word macros or browser JavaScript will offer protection from a drive-by-download infection. Anti-malware utilities should delete the Mars Ransomware with little difficulty, since it lacks the kernel-level persistence of a rootkit and has little in the way of obfuscation.

That the Mars Ransomware endangers Middle Easterners brings up the question of how specialized its infection techniques might be, which could include regional references in documents or highly specific language choices. However, malware experts find file-locking Trojan attacks all over the world, and national borders aren't of much concern to an extortionist.
