top of page

New Super Mario ransomware attack

A new bit of ransomware is spreading across the internet, this time disguised as Nintendo’s lovable plumber Mario.

Here’s how it works. You’ll receive an email that looks like a payment notice. Attached to the email is a spreadsheet containing the malicious code. If you open it, youll be prompted to “enable edit” and “enable content,” allowing the malware to modify the spreadsheet.

For now, the code will only attack if you’re in Italy or use Italian as the primary language in Microsoft Office. If you are, bad news – it downloads an image of Mario and extracts, from some of the pixels, a PowerShell command (code that executes automated tasks within Windows) that downloads various samples of GandCrab ransomware,essentially encrypting your computer and rendering it useless until you pay the ransom in untraceable Bitcoin. Here’s what the image looks like:

The take away:

Any attachment that comes in the email is suspicious, period. Even if it’s from someone you know. Unless you’re expecting the email, don’t open it. There are all sorts of nasty things that can tag along in Word and Excel documents – it’s just not worth the risk. If you have one of our Total Security Firewalls then we block these types of things, so you are better protected. For the rest of you – be careful!

Stay safe out there.


bottom of page