An indicator of just how gullible we are is the fact that emails with socially engineered subject lines like “Check your tracking number, track your package” and the like are still getting through. And users are silly enough to click on them.
On 22 September, Proofpoint noted the non-linear, large-scale attack of a new Windows ransomware variant it has dubbed MarsJoke. The original campaign was aimed at US government and educational institutions, and the “tracking” link accessed “file_6.exe”. The campaign also targeted, in smaller numbers, healthcare, telecommunications, insurance, and several other verticals.
The emails were purportedly from major national airlines and freight carriers and looked legitimate with logos and advertising in them.
This strain of ransomware hasn't been documented before. There were hundreds of thousands of messages involved with this campaign, which used URLs pointing to malware hosted on several freshly registered domains.
Vice-president of threat operations at Proofpoint, Kevin Epstein, said, “The explosion of ransomware we're facing makes MarsJoke feel like 'just another ransomware' - but to the state agency or high school that ends up paying sizeable ransoms or losing critical data, this is hardly ordinary.
"Three things set this campaign apart from other recent ransomware attacks: the use of so-called hosted ransomware, the targeting, and the scale. While it hasn't reached the scale of an average Locky attack, combined with the known targeting, this MarsJoke campaign is significant."