Home Malware Programs Ransomware anonimus.mr@yahoo.com Ransomware

anonimus.mr@yahoo.com Ransomware

Posted: August 3, 2018

The 'anonimus.mr@yahoo.com' Ransomware is a variant of the Scarab Ransomware, a family of file-locker Trojans distributing under a Ransomware-as-a-Service or RaaS rental model. The 'anonimus.mr@yahoo.com' Ransomware can, like any other member of this group of threats, use attacks that encrypt and block your files until you pay the ransom it specifies in its text messages. Users should uninstall the 'anonimus.mr@yahoo.com' Ransomware with their preferred anti-malware program and use free backups or professional decryption software when their files require it.

A Criminal Jumping Ship... to a More Convenient Vehicle

A threat actor who began extorting money by locking his victims' files with the AnimusLocker Ransomware family is switching over to another, RaaS competitor: the Scarab Ransomware. This change could be an attempt at avoiding the working decryption services provided by various members of the cyber-security community for the AnimusLocker Ransomware, even though many versions of the Scarab Ransomware also are compatible with public file-unlocking solutions. While the 'anonimus.mr@yahoo.com' Ransomware's attacks only began recently, malware researchers are tracking multiple victims in its campaign.

Unlike some of the more significant members of the same family, the 'anonimus.mr@yahoo.com' Ransomware uses English-based ransoming notes and shows no inclinations towards attacking Russian PCs. The 'anonimus.mr@yahoo.com' Ransomware and other Scarab Ransomware variants suppress any visual symptoms during their installation and encryption routines, which, ultimately, block media files in various locations, such as the desktop and the user's downloads folder, with an AES encryption algorithm. The 'anonimus.mr@yahoo.com' Ransomware also adds the e-mail in its name to the filenames of everything that's locked, thereby giving the user a way to search for any encrypted data.

The 'anonimus.mr@yahoo.com' Ransomware also drops what is, by now, an archetypal ransoming message in Notepad's native format, claiming that there's a 'security problem' with the PC and giving the victim additional ransoming instructions. Since there are decryption services available for many versions of the Scarab Ransomware, the users should consider using that solution instead of giving the criminal money for the help that he may not give back to them.

Noticing the Differences Between a Trojan's Looks and Its Attacks

Since the extensions and e-mail addresses it uses are some of the most casually-available pieces of evidence for tracking a file-locking Trojan's identity, the victims of the 'anonimus.mr@yahoo.com' Ransomware's attacks may suffer from inaccurate assumptions immediately. The use of a decryption solution for a different family than the Scarab Ransomware only can corrupt any encrypted files and, most likely, make them unrecoverable. Copying your files before decrypting them and having backups, especially, backups on other devices, are useful precautions for dealing with the 'anonimus.mr@yahoo.com' Ransomware infections.

Every new threat actor taking advantage of a Ransomware-as-a-Service product is, in theory, capable of using a different strategy for installing the Trojan. Despite that caveat, malware experts, usually, find versions of the Scarab Ransomware present after the original users neglect their login credentials' security or open a corrupted e-mail attachment. Although many brands of anti-malware programs can delete the 'anonimus.mr@yahoo.com' Ransomware easily, they can't unlock any files.

The 'anonimus.mr@yahoo.com' Ransomware's campaign is a live showing of a criminal who's modernizing his Trojans for counteracting the solutions of the cyber-security industry. However, one thing that applies just as well to the 'anonimus.mr@yahoo.com' Ransomware as it does to the AnimusLocker Ransomware is the always-relevant defense of a secure backup.