Decrypt Files Encrypted by MarsJoke Ransomware - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Decrypt Files Encrypted by MarsJoke Ransomware

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

decrypt-jokefrommars-marsjoke-ransom-message-sensorstechforumJokeFromMars, also known as MarsJoke ransomware uses AES cipher to encrypt files, adding the .a19 and .ap19 file extension to them. The ransomware virus demands 0.7 or 1.1 BTC (depending on it’s variant) payment to cyber-criminals. The good news is that researchers have developed a decryptor for JokeFromMars ransomware and if you have been infected by this malware, now it is possible to decrypt your files for free. We have designed step-by-step instructions to assist with the successful removal and decryption of MarsJoke ransomware, and it is advisable to follow them and reverse the damage done by it.

MarsJoke Ransomware – Quick Background

When it first came out, news broke out that this virus is not limited as to what type of users the virus will target, meaning that there were targeted attacks or spam campaigns oriented towards government facilities and branches of government institutions, even including Police buildings. This opened up to many possible infection scenarios, including using compromised credentials or fake profiles and e-mails to infect computers within the organization.

After such infection has occurred, the JokeFromMars virus drops several files in key Windows folders. ProofPoint Researchers have detected the virus to drop a malicious executable, named “sysmonitor” in one instance, but the names may vary.

The JokeFromMars virus also modifies heavily the Windows Registry editor. It also begins to encrypt files using a strong AES-256 cipher. The virus is pre-programmed to target the following file types:

→.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd,.wmv, .xls, .xlsx, .xps, .xml, .ckp, zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

After encryption MarsJoke drops a ransom note with the following message to victims:

jokefrommars-marsjoke-ransom-message-sensorstechforum

Luckily enough, users now do not have to pay for decryption. Malware researchers Anton Ivanov, Orkhan Mamedov and Fedor Sinitsyn, have broken MarsJoke’s code and have successfully updated Kaspersky’s Rannoh decryptor to decipher files for free. What allowed them to break the code was a mistake the malware writers did when they have put a weak string in the key generator of decryption keys.

We have prepared instructions below to help you successfully decrypt MarsJoke ransomware for free, using Rannoh Decryptor.

MarsJoke Ransomware – Removal and Decryption Instructions

If you want to decrypt your files, it is advisable to first remove the MarsJoke virus in case you still have it on your computer. In order to successfully remove it. We advise you to use these instructions to fully delete it:

Avatar

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...