Mars Ransomware Description
The Mars Ransomware is a file-locking Trojan that can block your computer's text documents, archives, pictures and other media formats. This Trojan is threatening to Windows users who don't keep properly-secured backups on secondary devices particularly. Have an anti-malware service identify and stop its installation, when possible, or use them for removing the Mars Ransomware as soon as practical afterward to keep any more file from becoming encrypted.
A Red Planet Suddenly Becomes Your Files' Problem
The Major Ransomware, a conventional type of file-locker Trojan that shares ransoming components with Cube Ransomware, is taking on a new name for its attacks against vulnerable PC owners. This variant is called the Mars Ransomware and may be either being sent out by the same criminal with new accounts or a different group. Its attack, however, offers little other than superficial embellishments to the well-established practice of holding computer data hostage for money.
The Mars Ransomware is, interestingly, using infection vectors that are affecting Windows users in Palestine, although it's not likely that it's targeting that country exclusively. After compromising the computer, it searches for encryptable files, which generally excludes any part of the operating system, but includes the user's pictures, documents, spreadsheets, archives, and, in some cases, even program executable. It also changes filenames by adding a serial, one of the threat actor's e-mail addresses (without the traditional bracket enclosure) and a '.mars' extension.
The Mars Ransomware's main point of blatant correlation with the Major Ransomware is, like with the Cube Ransomware, its ransoming message, which is a plain text file, but without any extension other than the Trojan's '.mars' one. While the instructions tell users about purchasing Bitcoins, they don't give a price or a wallet, and, instead, recommend contacting one of the e-mail accounts for the threat actor's help. While malware analysts find no available, public decryptor for the Mars Ransomware's minor family, victims should always attempt every other possibility before paying criminals for an uncertain service.
Escaping the Orbit of a Mars Ransomware Attack
Victims of the Mars Ransomware's attacks may not have a readily-available decryption solution that can undo the encryption that makes their files illegible directly. As an alternate means of recovery, all users can keep their backups on safe drives that aren't at risk from the attacks of file-locking Trojans, which can target even unmapped network shares and erase local backup information. Ideally, malware experts advise saving files to a removable device or a cloud server with appropriate security protocols for any file-writing privileges.
The Mars Ransomware's endangering Middle Easterners brings up the question of how specialized its infection techniques might be, which could include regional references in documents or highly-specific language choices. However, malware experts find file-locking Trojan attacks all over the world, and national borders aren't of much concern to an extortionist.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Mars Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.