Decrypt Files Encrypted by MarsJoke Ransomware - How to, Technology and PC Security Forum |

Decrypt Files Encrypted by MarsJoke Ransomware


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by MarsJoke and other threats.
Threats such as MarsJoke may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

decrypt-jokefrommars-marsjoke-ransom-message-sensorstechforumJokeFromMars, also known as MarsJoke ransomware uses AES cipher to encrypt files, adding the .a19 and .ap19 file extension to them. The ransomware virus demands 0.7 or 1.1 BTC (depending on it’s variant) payment to cyber-criminals. The good news is that researchers have developed a decryptor for JokeFromMars ransomware and if you have been infected by this malware, now it is possible to decrypt your files for free. We have designed step-by-step instructions to assist with the successful removal and decryption of MarsJoke ransomware, and it is advisable to follow them and reverse the damage done by it.

MarsJoke Ransomware – Quick Background

When it first came out, news broke out that this virus is not limited as to what type of users the virus will target, meaning that there were targeted attacks or spam campaigns oriented towards government facilities and branches of government institutions, even including Police buildings. This opened up to many possible infection scenarios, including using compromised credentials or fake profiles and e-mails to infect computers within the organization.

After such infection has occurred, the JokeFromMars virus drops several files in key Windows folders. ProofPoint Researchers have detected the virus to drop a malicious executable, named “sysmonitor” in one instance, but the names may vary.

The JokeFromMars virus also modifies heavily the Windows Registry editor. It also begins to encrypt files using a strong AES-256 cipher. The virus is pre-programmed to target the following file types:

→.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd,.wmv, .xls, .xlsx, .xps, .xml, .ckp, zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

After encryption MarsJoke drops a ransom note with the following message to victims:


Luckily enough, users now do not have to pay for decryption. Malware researchers Anton Ivanov, Orkhan Mamedov and Fedor Sinitsyn, have broken MarsJoke’s code and have successfully updated Kaspersky’s Rannoh decryptor to decipher files for free. What allowed them to break the code was a mistake the malware writers did when they have put a weak string in the key generator of decryption keys.

We have prepared instructions below to help you successfully decrypt MarsJoke ransomware for free, using Rannoh Decryptor.

MarsJoke Ransomware – Removal and Decryption Instructions

If you want to decrypt your files, it is advisable to first remove the MarsJoke virus in case you still have it on your computer. In order to successfully remove it. We advise you to use these instructions to fully delete it:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share