Mars Ransomware

Mars Ransomware Description

Mars Ransomware ScreenshotThe Mars Ransomware is a file cryptor Trojan that compromised many users in the last week of April 2019. The Mars Ransomware was reported of appending the '.mars' extension to filenames and rendering user-generated data inaccessible. Computer security researchers warn that the Mars Ransomware is not a new Trojan, but a variant of an older threat called the Major Ransomware (also seen as the Bmps Ransomware). The Mars Ransomware appears to be a slightly altered copy of the Major Ransomware, which is distributed using new email addresses and a new set of 'Command and Control' servers, which hinders static detection. The malware author re-configured the Mars Ransomware to append the '.mars' extension and deliver a note with a new name — 'READ_ME.mars.' For example, 'Leon Battista Alberti.docx' is renamed to 'Leon Battista Alberti.docx.mars' and users are shown the following text:

'All your important files are encrypted.
To recover encrypted files, you need:
1. Buy bitcoins. The easiest way to buy bitcoins is the LocalBitcoins site. You must register, click "Buy Bitcoins" and select a seller by payment method and price. https://localbitcoins.com/buy_bitcoins
You can also find other places to buy bitcoins and a beginner’s guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
write to google how to buy bitcoin in your country?
to guarantee the availability of our key
we can decrypt three files for free.
2. Send bitcoins to the address you receive in the mail. After payment, we will send a decryption program
Do not try to decrypt your files using third-party programs, decoders. You only damage your data and lose them forever.
Only we can decrypt your data!
Contact email address rootcopper@aol.com or rootcopper@tutanota.com or rootcopper@protonmail.com'

Regretfully, there is no way to take back the lost data, if you have not made data backups recently. Contacting the ransomware actors via the 'rootcopper@aol.com, the 'rootcopper@tutanota.com' and the 'rootcopper@protonmail.com' email accounts is ill-advised as you may lose your money. Paying the cybercriminals is never a good idea since their goal is to make you pay — not the delivery of professional data recovery services. You might want to purge the files left from the Mars Ransomware using a respected anti-malware tool and use a backup manager to return your memory storage to normal.

Related Posts

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.