Marnet Ransomware is a New MedusaLocker Variant

Marnet is a ransomware variant that encrypts and then renames files, leaving behind a ransom note in the form of an HTML file.

It belongs to the MedusaLocker family and modifies filenames by adding a number to the extension. The ransom note states that victims cannot decrypt their files without the help of attackers, and warns them that any attempts to restore files using third-party software will result in permanent damage.

Cybercriminals can be contacted through a Tor website or two email addresses provided in the ransom note. They also threaten to increase the price of decryption if victims do not contact them within 72 hours.

Marnet was discovered while examining malware samples submitted to online threat dabatases. It encrypts and renames files, adding a numerical extension to each filename. The ransom note informs victims that they must contact attackers for decryption tools, as attempting to restore files with third-party software will cause permanent damage.

What is inside the Marnet ransom note?

The full text of the ransom note generated by the Marnet ransomware reads as follows:

YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

  • Note that this server is available via Tor browser only

Follow the instructions to open the link:

  1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.
  2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
  3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion
  4. Start a chat and follow the further instructions.
    If you can not use the above link, use the email:
    ithelp01@decorous.cyou
    ithelp01@wholeness.business

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

How can ransomware similar to the Marnet ransomware infect your system?

Ransomware similar to Marnet can infect your system in a variety of ways. The most common way is through malicious links or attachments sent via email, social media, or other messaging platforms. These malicious links and attachments often contain malicious code that can be executed when opened, allowing the ransomware to gain access to your system. Additionally, ransomware can be spread through malicious websites and software downloads. It is important to be cautious when downloading files from unknown sources and to avoid clicking on suspicious links or attachments. Finally, ransomware can also spread through unsecured networks, so it is important to ensure that all of your devices are properly secured with strong passwords and up-to-date antivirus software.

What is the best way to safeguard your personal files from ransomware similar to the Marnet ransomware?

The best way to safeguard your personal files from ransomware similar to the Marnet ransomware is to practice good cyber hygiene. This includes regularly backing up your data, using strong passwords and two-factor authentication, avoiding clicking on suspicious links or attachments, and only downloading software from trusted sources. Additionally, it is important to keep all of your devices and software up-to-date with the latest security patches. Finally, you should also ensure that your antivirus software is enabled and running at all times. By following these steps, you can help protect yourself against ransomware attacks.

January 26, 2023
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.