Maria Ransomware

November 22, 2018 | Simeon Georgiev

Maria Ransomware is yet another name in the growing list of ransomware. It was first sighted around the first week of November 2018. Some security analysts believe that it could be related to BlackHeart Ransomware because of similarities between the two. Maria is designed to compromise any Windows host (Windows XP, 7, 8, 10, Vista, Server) immediately after coming into contact with it.

To break into systems stealthily, Maria uses a multitude of infection strategies. Its primary distribution strategy is spam email campaigns in which malicious files and hyperlinks are included in the emails. Since these file attachments contain macros, a basic understanding of how macros operate and how to disable them is crucial.

When Maria enters a victim's PC, it begins by executing different operations. To lock user files, it uses a combination of AES (Advanced Encryption Standard) and RSA. Data such as corporate documents, sensitive photos, database files, presentations, and other critical information is made inaccessible by the encryption. Each encrypted file has the extension “.mariabc” appended to its name. When the encryption process finishes, it generates a window called “email protected”, which is effectively the ransom note.

Like other conventional ransomware, Maria asks for a ransom in exchange for a ransomware removal solution. The ransom is demanded via a pop-up window. In the window, Maria acknowledges the hack and provides an email address for communication. Communication can also be initiated on Telegram via @MAF420. The typical ransom amount is $50, which has to be paid in Bitcoin by sending BTC to the cybercriminals' wallet address. The perpetrators also warn their victims against using any ransomware removal solution or contacting authorities and cybersecurity firms for assistance.
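Because the “.mariabc” extension is appended to the original file name, a file inventory from an affected host can be used to scope the damage before recovery. The following is an added example, not code from this article: the function names and the sample paths are constructed for illustration, and the marker is matched case-insensitively because Windows file names are.

```python
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".mariabc"  # extension the article says is appended to encrypted files


def original_name(path):
    """Return the pre-encryption file name if the marker was appended, else None."""
    name = PureWindowsPath(path).name
    # A file named exactly ".mariabc" has no original name in front of the marker.
    if not name.lower().endswith(MARKER) or len(name) == len(MARKER):
        return None
    return name[: -len(MARKER)]


def triage(paths):
    """Group affected files by original file type and by containing folder."""
    affected, by_type, by_folder = [], Counter(), Counter()
    for p in paths:
        orig = original_name(p)
        if orig is None:
            continue
        affected.append(p)
        by_type[PureWindowsPath(orig).suffix.lower() or "(none)"] += 1
        by_folder[str(PureWindowsPath(p).parent)] += 1
    return {"affected": affected, "by_type": by_type, "by_folder": by_folder}


# Constructed sample inventory (hypothetical paths, not from a real incident)
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.mariabc",
    r"C:\Users\alice\Documents\plan.docx.MARIABC",
    r"C:\Users\alice\Pictures\team.jpg.mariabc",
    r"C:\Users\alice\Documents\notes.txt",
    r"D:\db\orders.mdf.mariabc",
    r"C:\Temp\.mariabc",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(f"{len(report['affected'])} of {len(SAMPLE)} files carry the marker")
    for ext, count in report["by_type"].most_common():
        print(f"  original type {ext}: {count}")
    for folder, count in report["by_folder"].most_common():
        print(f"  folder {folder}: {count}")
```

The per-folder counts show which shares or profiles to prioritise when restoring from backup, and the per-type counts show which kinds of data were hit.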

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]

© 2020 MonsterCloud.com. All Rights Reserved.