Scarab-DiskDoctor Ransomware

Posted: June 5, 2018

The Scarab-DiskDoctor Ransomware is part of the Scarab Ransomware family, which locks your files by encrypting them automatically. Its attacks can also add new extensions to the names of any blocked media and deliver text messages telling you to contact the threat actor for ransom negotiations. Users with backups can recover their files without any decryption solution, and standard anti-malware programs may remove the Scarab-DiskDoctor Ransomware safely or stop the Trojan from installing itself.

The Doctor is in (Your Files)

Variations on the Scarab Ransomware family continue to appear in the same fashion as most Ransomware-as-a-Service families, which proliferate through many minor remixes of ransom notes but little to no alteration of the attacks that give victims an incentive to pay in the first place. The Scarab-DiskDoctor Ransomware campaign is one of the newest variants available to malware experts, of a similar age to the Scarab-Rebus Ransomware or the Scarab-Osk Ransomware, and approximately a year older than the Scorpio Ransomware.

The infection vectors for installing the Scarab-DiskDoctor Ransomware may include brute-force attacks against vulnerable login combinations, files attached to spam e-mails, or, more rarely than those two methods, an exploit kit on a compromised website. Once it infects a Windows PC, the Scarab-DiskDoctor Ransomware, like other versions of the Scarab Ransomware, employs a non-consensual, secure AES-based encryption routine that converts significant media formats, such as documents or images, into equivalents that no longer open.

Unlike some of the primitive versions of the Scarab Ransomware, the Scarab-DiskDoctor Ransomware doesn't rewrite the rest of each filename in a semi-Base64 format, but it does append its personalized '.DiskDoctor' extension (for instance: 'butterfly.bmp.DiskDoctor'). The additional tag is a reference to its Notepad ransom note, which gives the victim an e-mail address for contacting the threat actor and paying for a file-unlocking service. Barring the discovery of an unprecedented vulnerability, malware experts don't expect free decryption software for the Scarab-DiskDoctor Ransomware or its family to become available in the near future.

The Cheapest Cure for Bad Medical Treatment

Some of the solutions that malware researchers encourage implementing ahead of time to limit the Scarab-DiskDoctor Ransomware's campaign include these strategies:

  • Avoid using passwords and account name logins that are easy to 'guess' or crack with brute-force utilities, such as short strings with limited alphanumeric combinations, or defaults like 'password123'.
  • Be cautious about downloading and launching files attached to unexpected e-mail messages, which can carry file-locker Trojans or installation exploits related to them while pretending to be invoices or other non-hostile documents.
  • Keep backups on another device, including both detachable drives and cloud services. This gives victims additional security for their files, since the Scarab-DiskDoctor Ransomware can't encrypt or delete those copies.

Like other file-locker Trojans, such as the freeware Hidden Tear or EDA2, the Scarab-DiskDoctor Ransomware completes its attacks without symptoms and in a relatively short time span. Most anti-malware products, if they're running with updated databases, should detect and delete the Scarab-DiskDoctor Ransomware immediately, since malware experts aren't noting any enhanced defensive features in this update.

Overall, the Scarab-DiskDoctor Ransomware amounts to a modest change of text instructions and otherwise delivers file-endangering attacks similar to those of its recent ancestors. However, the security of the Scarab Ransomware's encryption methods makes it evident that anyone hoping they can always decrypt files they haven't backed up is hoping in vain.

Update September 17th, 2018 — 'mammon-decrypt@protonmail.com' Ransomware

The 'mammon-decrypt@protonmail.com' Ransomware is a file-encryption Trojan that extorts its victims for money by encrypting their files and then offering to supply a working decryptor in exchange for a hefty payment. This particular threat belongs to the Scarab Ransomware family, and it seems to be closely related to the Scarab-DiskDoctor Ransomware, one of this family's more popular members. Unfortunately, decrypting variants of the Scarab Ransomware is not always possible, and victims often cannot rely on a free decryptor to get their files back. However, this does not imply that you should ask the authors of the 'mammon-decrypt@protonmail.com' Ransomware for help – do not forget that they are anonymous cybercriminals who will not hesitate to take your money without sending you a decryption utility.

The hackers behind threats like the 'mammon-decrypt@protonmail.com' Ransomware often use a broad range of propagation techniques to get their harmful applications to as many people as possible. The 'mammon-decrypt@protonmail.com' Ransomware, for instance, is usually spread through fraudulent e-mail messages that contain a corrupted attachment. The body of the message usually presents the attachment as an important invoice, CV or another document. Users who are tricked into downloading and launching the corrupted attachment may unknowingly start the 'mammon-decrypt@protonmail.com' Ransomware's attack.

When this ransomware is activated, it may immediately begin to encrypt a variety of files – images, databases, archives, documents, spreadsheets, videos, backups, etc. All locked files are marked with the '.mammon' extension, which lets users easily recognize the magnitude of the damage their files have suffered. Usually, variants of the Scarab Ransomware leave one ransom message for the victim to read, but the authors of the 'mammon-decrypt@protonmail.com' Ransomware have opted to use three files – HOW TO RECOVER ENCRYPTED FILES.txt, HOW TO RECOVER ENCRYPTED FILES1.txt and HOW TO RECOVER ENCRYPTED FILES2.txt.

The ransom note states that any attempt to unlock the files free of charge or to remove the ransomware may result in the immediate deletion of all data. The good news is that this warning is false, and the 'mammon-decrypt@protonmail.com' Ransomware will not damage your files permanently if you use anti-virus software to remove it. However, it is recommended to back up the encrypted files before you try to use any data recovery software, since you should always have a reserve copy in case the original files get damaged.
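The file-name indicators described on this page (the appended '.DiskDoctor' and '.mammon' extensions and the three 'HOW TO RECOVER ENCRYPTED FILES' notes) can be used to inventory affected files before backing them up or cleaning the system. The following Python script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from this page; matching is case-insensitive.
ENCRYPTED_EXTENSIONS = (".diskdoctor", ".mammon")
RANSOM_NOTES = {  # note names the page lists for the '.mammon' variant
    "how to recover encrypted files.txt",
    "how to recover encrypted files1.txt",
    "how to recover encrypted files2.txt",
}

def triage(root):
    """Walk root and return (encrypted, notes, per_dir).

    encrypted: sorted list of (path, original_name) for files carrying an
               appended ransomware extension
    notes:     sorted list of ransom-note paths
    per_dir:   Counter of encrypted files per directory
    """
    encrypted, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower in RANSOM_NOTES:
                notes.append(path)
                continue
            for ext in ENCRYPTED_EXTENSIONS:
                # The extension is appended, so 'butterfly.bmp.DiskDoctor'
                # maps back to 'butterfly.bmp'. Require a non-empty stem.
                if lower.endswith(ext) and len(name) > len(ext):
                    encrypted.append((path, name[: -len(ext)]))
                    per_dir[dirpath] += 1
                    break
    return sorted(encrypted), sorted(notes), per_dir

def build_sample_tree(root):
    """Constructed sample data: empty files named like the page's examples."""
    os.makedirs(os.path.join(root, "docs"))
    for rel in ("butterfly.bmp.DiskDoctor", "docs/report.docx.mammon",
                "docs/HOW TO RECOVER ENCRYPTED FILES.txt", "docs/clean.txt"):
        open(os.path.join(root, *rel.split("/")), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        enc, notes, per_dir = triage(tmp)
        for path, original in enc:
            print(f"encrypted: {path} (was {original})")
        print(f"{len(notes)} ransom note(s), {sum(per_dir.values())} encrypted file(s)")
```

The per-directory counts show where the damage is concentrated, and the list of encrypted paths can be fed to a copy job so a reserve copy exists before any recovery tool touches the originals.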
