JokeFromMars, also known as MarsJoke ransomware uses AES cipher to encrypt files, adding the .a19 and .ap19 file extension to them. The ransomware virus demands 0.7 or 1.1 BTC (depending on it’s variant) payment to cyber-criminals. The good news is that researchers have developed a decryptor for JokeFromMars ransomware and if you have been infected by this malware, now it is possible to decrypt your files for free. We have designed step-by-step instructions to assist with the successful removal and decryption of MarsJoke ransomware, and it is advisable to follow them and reverse the damage done by it.
MarsJoke Ransomware – Quick Background
When it first came out, news broke out that this virus is not limited as to what type of users the virus will target, meaning that there were targeted attacks or spam campaigns oriented towards government facilities and branches of government institutions, even including Police buildings. This opened up to many possible infection scenarios, including using compromised credentials or fake profiles and e-mails to infect computers within the organization.
After such infection has occurred, the JokeFromMars virus drops several files in key Windows folders. ProofPoint Researchers have detected the virus to drop a malicious executable, named “sysmonitor” in one instance, but the names may vary.
The JokeFromMars virus also modifies heavily the Windows Registry editor. It also begins to encrypt files using a strong AES-256 cipher. The virus is pre-programmed to target the following file types:
→.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd,.wmv, .xls, .xlsx, .xps, .xml, .ckp, zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
After encryption MarsJoke drops a ransom note with the following message to victims:
Luckily enough, users now do not have to pay for decryption. Malware researchers Anton Ivanov, Orkhan Mamedov and Fedor Sinitsyn, have broken MarsJoke’s code and have successfully updated Kaspersky’s Rannoh decryptor to decipher files for free. What allowed them to break the code was a mistake the malware writers did when they have put a weak string in the key generator of decryption keys.
We have prepared instructions below to help you successfully decrypt MarsJoke ransomware for free, using Rannoh Decryptor.
MarsJoke Ransomware – Removal and Decryption Instructions
If you want to decrypt your files, it is advisable to first remove the MarsJoke virus in case you still have it on your computer. In order to successfully remove it. We advise you to use these instructions to fully delete it: