MARRACRYPT Ransomware
The MARRACRYPT Ransomware is a newly spotted data-encrypting Trojan. This Trojan belongs to the HERMES Ransomware family, which means that the creators of the MARRACRYPT Ransomware did not build this threat from scratch.
MARRACRYPT ransomware steals money by encrypting files and demanding a ransom for their return. It makes almost every important and personal file on a computer useless by encrypting them and changing their file extension to .MARRA. If you happen to notice the MARRACRYPT ransomware on your computer then you need to act quickly to get rid of it.
MARRACRYPT is a kind of ransomware that is able to target any and every version of Windows, including Windows 7, 8.1, and 10. MARRACRYPT hides inside other files that appear to be legitimate and come from legitimate sources. When the file is accessed, it executes the MARRACRYPT program. The virus scans the drives on the computer to find files to encrypt. It will target most common file types including images, documents, and videos. It may spread across an entire computer and encrypt system files, rendering the entire computer useless. Once it has done encrypting everything, it drops a ransom note on the computer that contains instructions on how to decrypt files. The note reads:
MARRACRYPT 1.0 RANSOMWARE
Your files has been encrypted using RSA-4096 algorithm with unique public-key stored on your PC.
There is only one way to get your files back: contact with us, pay, and get decryptor software.
We accept Bitcoin, and other cryptocurrencies, you can find exchangers on bestbitcoinexchange.io
You have unique idkey (in a yellow frame), write it in letter when contact with us.
Also you can decrypt 2 files as a test, its a guarantee we can decrypt your files.
!!! IDKEY !!!
-
:: CONTACT INFORMATION ::
E-mail #1: newpatek@cock.li
E-mail #2: onmywrist@cock.li
How Did MARRACRYPT Get on your Computer?
Cybercriminals have several different ways to get MARRACRYPT on to a computer. The main attack method here is the use of spam emails. The attackers send hundreds of thousands of emails containing ransomware in the hopes that someone opens them. These emails are designed to look like emails from official sources. MARRACRYPT uses emails that suggest the postal service attempted to deliver a package but were unable to. You have to click the attachment to find out more and reschedule the delivery. As soon as you open the attachment though, the only thing that happens is your computer gets a nasty virus.
On top of using spam email campaigns, MARRACRYPT can infect computers through vulnerabilities in software and the actual Windows operating system. That’s why it’s always important to keep software updated. An update could be designed to plug a hole that viruses are using to infect computers.
What Does MARRACRYPT Do?
Once MARRACRYPT gets on to a computer it scans the computer for files it can encrypt. It changes their file extension to .MARRA and encrypts them using advanced encryption techniques. The files are inaccessible once they have been changed like this. The ransomware then drops a ransom note in any folder with an infected file – along with one on the desktop for good measure. The ransom note contains information on where victims should send money – and how much money – to get a decryption key to restore their computer.
Experts always recommend against paying for the decryption code. Attackers are rarely true to their word and you have no guarantee things will go as they say and just disappear. It’s always best to find ways to remove MARRACRYPT ransomware on your own without having to pay anything.
