The campaign also targeted healthcare, telecommunications, insurance and other organisations, however in smaller numbers We have noticed you are using an ad blocker To continue providing news and award winning journalism, we rely on advertising revenue. To continue reading, please turn off your ad blocker or whitelist us . A new active ransomware campaign has been detected targeting US government and educational institutions. The ransomware was dubbed MarsJoke after researchers uncovered a "string contained within the code: ‘HelloWorldItsJokeFromMars’". The ransomware gives victims 96 hours to pay up the ransom, after which it begins deleting files. Proofpoint researchers ascertained MarsJoke to be part of a "large-scale" email campaign, being distributed via the Kelihos botnet. The ransomware developers are demanding victims pay up $320 (0.7 bitcoins). The primary targets appear to be US state and local governments as well as K-12 educational institutions. The campaign also targeted healthcare, telecommunications, insurance and other organisations, however in "smaller numbers". Why advertise with us Proofpoint researchers said : "On September 22, Proofpoint detected a large MarsJoke ransomware email campaign. Emails contained URLs linking to an executable file named "file_6.exe" hosted on various sites with recently registered domains, apparently for the purpose of supporting this campaign. This is a departure from the much more frequent attached document campaigns we have observed recently with a range of malware, including the widely distributed Locky ransomware . " Victims lured with ‘convincing’ content In efforts to lure in victims, the ransomware’s email campaign was found to be using "convincing" content, with a wide variety of subject lines "referencing a major national air carrier, adding an air of legitimacy to the lures with stolen branding". Some of the subject headings used in the emails included, "checking tracking number", "check your package" and "tracking information". MarsJoke ransomware’s ransom message displayed […]
