
Burn Ransomware

Posted: April 22, 2019

The Burn Ransomware is a file-locking Trojan that extorts money by selling an unlocking solution after it encrypts your media. This threat is a variant of the Scarab-Horsia Ransomware and may include symptoms such as creating Notepad ransom notes, changing your wallpaper, and altering the names of your files. Let your anti-malware tools detect and delete the Burn Ransomware and make a habit of saving backups for recovering anything that it locks.

A Buggy Burn that's Still Going Strong

The Russian half of the Scarab Ransomware business, a family of file-locking Trojans sold through Ransomware-as-a-Service rentals, is the characteristic that gives the Trojan its best claim to a unique identity. However, the English versions are the most numerous, possibly just because threat actors prefer a more widely spoken language for indiscriminate targeting. The Burn Ransomware is another addition to this second half of the Trojan group, and a minor variant of the Scarab-Horsia Ransomware build.

The Burn Ransomware comes long after the introduction of many prior members of its family, such as the Scorpio Ransomware, the Scarabey Ransomware and the Xmail@cock.li Ransomware. The threat actors behind the previously noted Scarab-Horsia Ransomware are recycling some of their infrastructure, such as the BitMessage account that handles the ransom negotiations, although malware experts have no confirmation of any similar reuse of its infection strategies. Many criminals prefer installing file-locking Trojans by brute-forcing targets with weak passwords or by sending spam e-mails, which can be indiscriminate or industry-targeted.

After it compromises an appropriate Windows environment, the Burn Ransomware searches for files that aren't in the Windows folder, with a preference for documents, pictures, some compressed archives and other media. It locks them with what usually is a secure encryption algorithm combination and adds a 'burn' extension after the first one in the filename. The other symptoms that malware experts recommend noting for identification purposes include replacing the desktop (the Scarab-Horsia Ransomware uses a donkey-themed image), deleting the Windows Shadow Volume Copies, and creating Notepad ransoming messages that don't name the price of the unlocker outright.
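The renaming pattern described above (a 'burn' extension appended after the file's original one) lends itself to a quick scoping pass during triage. The following is an added example, not code from the original article or any vendor; the function names and the sample tree are constructed for illustration, and the time window assumes file modification times were not altered.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

LOCKED_SUFFIX = ".burn"  # extension named in the article; matched case-insensitively


def original_extension(filename):
    """'report.docx.burn' -> '.docx'; 'notes.burn' and 'photo.jpg' -> None."""
    stem, last = os.path.splitext(filename)
    if last.lower() != LOCKED_SUFFIX:
        return None
    inner = os.path.splitext(stem)[1].lower()
    return inner or None  # require an original extension before '.burn'


def inventory(root):
    """Summarise 'name.ext.burn' files under root (mtime window is an assumption)."""
    by_type, by_dir, mtimes = Counter(), Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = original_extension(name)
            if ext is None:
                continue
            by_type[ext] += 1
            by_dir[dirpath] += 1
            try:
                mtimes.append(os.stat(os.path.join(dirpath, name)).st_mtime)
            except OSError:
                pass  # file vanished or unreadable; it is still counted above
    window = None
    if mtimes:  # earliest and latest rewrite times, as UTC datetimes
        window = tuple(datetime.fromtimestamp(t, timezone.utc) for t in (min(mtimes), max(mtimes)))
    return {"total": sum(by_type.values()), "by_type": by_type, "by_dir": by_dir, "window": window}


def demo():
    """Build a constructed sample tree of empty files (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.burn", "docs/budget.xlsx.BURN",
                    "photo.jpg.burn", "photo2.jpg", "notes.burn"):
            open(os.path.join(root, rel), "w").close()
        return inventory(root)


if __name__ == "__main__":
    print(demo())
```

The per-directory counts show which folders or shares were reached, and the per-type counts show which backups need restoring first.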

Assuaging that Burning Sensation in Your Files

Desperate victims could consider contacting an AV vendor that offers premium decryption help, although there are no promises of success with any specific variant of the Scarab Ransomware. Because unavailable decryption is a recurring problem, not just with the Burn Ransomware but with most file-locking Trojans, malware experts always advise backing up your work regularly. Protected locations like removable devices are preferable, since they remove any chance of the Burn Ransomware deleting or encrypting your best restoration option.

Trojan families like the Burn Ransomware's RaaS group also raise issues concerning network security. Even unmapped network shares are at risk from some file-locking Trojans, and mapped ones are at risk from the overwhelming majority of them. Appropriate security solutions, file-privilege settings and avoiding sharing passwords will hamper a threat actor's lateral movement throughout your network.

The majority of this threat's symptoms arrive after the damage is inflicted, and it modifies some Windows components to gain system persistence. Let a standard anti-malware program detect and remove the Burn Ransomware as soon as possible by scanning all e-mail attachments and other downloads.

The Burn Ransomware isn't a bold, new strategy on the part of Ransomware-as-a-Service. Moreover, one can ask why it needs to be, since enough threat actors are making money to keep the business churning along.
