US government agencies hit by ‘MarsJoke’ ransomware attack

27 Sep 2016

Ransomware attacks are proving to be easy pickings for cyberattackers. Image: Bacho/Shutterstock

US local government agencies and education institutions are being hit by a ransomware attack that gives them just 96 hours to pay up or be denied access to their computers.

Unearthed by Proofpoint, the MarsJoke ransomware is a large-scale attack that distributes machine-locking malware, by using emails claiming to be from airlines as a way in.

Ransomware is a serious issue and is on the rise.

Unsuspecting workers can easily succumb to a phishing attack, and unless companies send a payment, hackers won’t let them access their computing systems.

The crime spree is being made all the worse because the companies are paying up.

Hackers are estimated to be on track to make $1bn from ransomware this year, according to a report by the Herjavec Group.

Pay up or be locked out

MarsJoke attack screen

MarsJoke attack screen: what infected users are greeted with

The ease with which hackers can attack companies and siphon off ransoms is making it an increasingly attractive crime.

In the latest MarsJoke attack, victims will receive an innocent looking email about tracking a parcel. By clicking on a link, they are taken to a URL hosting a file named “file_6.exe” which infects the machine with MarsJoke.

This will then encrypt files and create new files with instructions on how companies can pay a ransom of 0.7 Bitcoin ($320) to regain access to their computers.

If users don’t pay within 96 hours, all files on the infected computer will be permanently encrypted.

Ransomware has become a billion dollar a year industry for cybercriminals, according to the FBI.

“In the case of the MarsJoke campaign described here, K12 educational institutions, and state and local governments, are often seen as easy targets because they lack the infrastructure and funding to ensure robust backups and strong defensive resources are in place to prevent and mitigate infections.

“MarsJoke does not appear to be ‘just another ransomware’, though. The message volume and targeting associated with this campaign bear further monitoring, as attackers look to monetise new variants and old strains saturate potential victims.”

Ransomware. Image:Bacho/Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years