
.aescrypt Ransomware

Posted: April 26, 2019

The .aescrypt Ransomware is a variant of the Scarab Ransomware, a group of file-locking Trojans that third-party criminals rent for their attacks. It may encrypt your files locally and over an unsecured network, delete some forms of backups, and leave behind ransoming messages for an unlocking service. Let your anti-malware products uninstall the .aescrypt Ransomware before you recover your files through appropriate, non-extortion-based methods.

Some More Insectile File Problems for Those without Backups

The Scarab Ransomware family's next member is wearing its cryptography on its sleeve by including the algorithm choice in the same tag that it adds to the user's blocked files. This tweak may help some victims of its attacks by identifying the family's key feature, but, unfortunately, doesn't close the gap towards a free decryption service. Concerning its file-blocking features, the .aescrypt Ransomware appears just as secure as its brethren like the Burn Ransomware, the Scarab-Bomber Ransomware variants like the Yourhope@airmail.cc Ransomware, or the Scarab-Gefest Ransomware branch.

The .aescrypt Ransomware stays true to its name by using AES encryption as a 'locking' mechanism against content such as your Word or PDF documents, JPG or BMP pictures, archives, HTML pages, and other media. It includes additional RSA protection that keeps security researchers from readily decrypting the files, and adds the 'aescrypt' extension onto their filenames. Whether the victim leaves the extension intact or removes it, the file still will not open.

Malware researchers advise against depending on Windows' default features for recovering your files. Members of the .aescrypt Ransomware's family will, unless interrupted, issue commands that wipe the Shadow Volume Copies, which Windows Restore Points require. The .aescrypt Ransomware also may change your wallpaper, a feature that the Scarab Ransomware is known for, although there is no data available on any custom background pictures that it might be using, for now.

Breaking the Carapace of Another Scarab Ransomware

The intense proliferation of the Scarab Ransomware variants owes itself to the Ransomware-as-a-Service way of doing business, which lets other criminals customize their versions of the Trojan. These options include different ransoming messages or extensions. If it's practical, all victims should ignore the 'security problem'-themed ransom note, which solicits money for services that threat actors may not give after getting their payment.

Campaigns leveraging Trojans from the .aescrypt Ransomware's family tend to compromise servers that use weak passwords and install the threat with the help of RDP features. However, malware experts also advise being cautious around Word or PDF documents arriving attached to suspect e-mail messages, as well as when using JavaScript or Flash on a possibly-unsafe website. Common-sense security precautions like scanning all your downloads and applying security updates can cut down many of these infection vectors.

Nearly all modern versions of Windows are compatible with this file-locker Trojan and other members of its family. The Trojan may continue encrypting or erasing content, and users should remove the .aescrypt Ransomware with appropriate anti-malware solutions before trying any media recovery options that are available to them.
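Because the Trojan tags what it locks with the 'aescrypt' extension, that tag can be used to scope the damage before recovery starts. The following is an added example, not part of the original article: it inventories tagged files under a directory and reports the modification-time window they fall in. The function names, the sample tree, and the assumption that the tag is appended after the original filename are illustrative.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

LOCKED_EXT = ".aescrypt"  # extension named in this article

def scope_locked_files(root):
    """Walk root and summarise files that carry the locked extension."""
    by_dir, by_orig_ext, mtimes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            # Assumption: the tag is appended to the original name, so the
            # previous extension (if any) is still visible in front of it.
            original = name[: -len(LOCKED_EXT)]
            orig_ext = os.path.splitext(original)[1].lower() or "(none)"
            by_dir[os.path.relpath(dirpath, root)] += 1
            by_orig_ext[orig_ext] += 1
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # unreadable or vanished file: counted, but no timestamp
    window = None
    if mtimes:  # earliest and latest modification time of tagged files
        window = tuple(datetime.fromtimestamp(t, timezone.utc)
                       for t in (min(mtimes), max(mtimes)))
    return {"total": sum(by_dir.values()), "by_dir": dict(by_dir),
            "by_orig_ext": dict(by_orig_ext), "window_utc": window}

def build_constructed_sample(root):
    """Create a constructed tree: three tagged files and one untouched file."""
    layout = {  # relative path -> constructed mtime (epoch seconds, UTC)
        "docs/report.docx.aescrypt": 1_556_236_800,
        "docs/scan.PDF.AESCRYPT": 1_556_236_860,
        "pics/photo.jpg.aescrypt": 1_556_237_400,
        "pics/untouched.bmp": 1_556_000_000,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(scope_locked_files(tmp))
```

A `window_utc` whose upper bound keeps moving between runs indicates that files are still being tagged, which matches the advice above to remove the Trojan before attempting recovery.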

The .aescrypt Ransomware may tell the people it's attacking how it's blocking content, but knowing the how doesn't help with a safe resolution. Sometimes, knowing all one can about a Trojan is just an all-the-more-firm warning to mind your PC's security and backups better, next time.
