
Scarab-Cybergod Ransomware

Posted: August 21, 2018

The Scarab-Cybergod Ransomware is a file-locking Trojan of the Scarab Ransomware family. These Trojans are associated with brute-force attacks against a network's login credentials and can lock various formats of media, often with the intention of ransoming them. Recover any locked files from appropriate backups or with decryptors that are not endorsed by the criminals, and have a trusted anti-malware product uninstall the Scarab-Cybergod Ransomware as needed.

Russian Ransomware Turns to the Movies

Threat actors using the Scarab Ransomware, a Ransomware-as-a-Service (RaaS) family, are turning to cinematic experiences for inspiration on how to 'market' their file-ransoming attacks. This next version of the family, the Scarab-Cybergod Ransomware, is attacking English speakers, although the grammar errors in the ransom note imply some degree of unfamiliarity with the language on the part of the criminal. Besides having a new theme, the Scarab-Cybergod Ransomware continues to encrypt files and then create Notepad-based ransom demands.

The Scarab-Cybergod Ransomware campaign is in live distribution against victims whose identities are currently unverified, although business entities with non-secure network logins are the traditional targets of this family. The Scarab-Cybergod Ransomware uses AES-256 encryption for locking various media formats, which can include most content related to Microsoft Office programs (such as Word documents), pictures, archives, audio and video. Malware experts are also confirming the Scarab-Cybergod Ransomware's use of a Base64 name-encoding function that could keep the user from identifying the specific files that the Trojan is locking.

The Scarab-Cybergod Ransomware uses the theme of the Lawnmower movie franchise in several of its symptoms, including the extension for the locked files ('.CYBERGOD') and the ransom note, which is a text file containing ASCII art and messages promoting the movie. The rest of the note follows the standard Scarab Ransomware format: it gives the victim an e-mail address for negotiating over the file-unlocking program and an accompanying ID number. Paying this ransom should not be done lightly, since many members of this RaaS family are compatible with the official decryption services from members of the AV industry.
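The following is an added example, not part of the original article or of any vendor tool: a read-only triage script that inventories files carrying the '.CYBERGOD' extension described above and counts how many have Base64-shaped names. The Base64 character pattern and the sample file names are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

LOCKED_EXT = ".cybergod"  # extension named in the article; matched case-insensitively
# Assumption: encoded names use standard or URL-safe Base64 characters
# ('/' is omitted because it cannot appear in a file name).
B64_STEM = re.compile(r"^[A-Za-z0-9+_=-]{8,}$")


def triage(root):
    """Walk root read-only; return (locked paths, per-directory counts, Base64-like count)."""
    locked, per_dir, b64_like = [], Counter(), 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != LOCKED_EXT:
                continue
            locked.append(os.path.join(dirpath, name))
            per_dir[os.path.relpath(dirpath, root)] += 1
            if B64_STEM.match(stem):
                b64_like += 1
    return sorted(locked), per_dir, b64_like


def build_sample_tree(root):
    """Create constructed, empty sample files (no real malware output)."""
    sample = {
        "docs": ["cmVwb3J0LmRvY3g=.CYBERGOD", "bm90ZXMudHh0.cybergod", "budget.xlsx"],
        "pics": ["my photo.CYBERGOD", "holiday.jpg"],
    }
    for folder, names in sample.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        locked, per_dir, b64_like = triage(tmp)
        print(f"{len(locked)} locked file(s), {b64_like} with Base64-like names")
        for folder, count in per_dir.most_common():
            print(f"  {folder}: {count}")
```

The per-directory counts show which shares or folders were reached, which helps scope what must be restored from backup.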

Repealing the Divinity of a Rental Trojan

Threats like the Scarab-Cybergod Ransomware can be semi-unpredictable in how they circulate, because different criminals pay for access to Ransomware-as-a-Service programs. This family, which also includes other English-based and Russian-based Trojans, such as the Scarab-Bin2 Ransomware, the Scarab-Leen Ransomware, the Scarab-XTBL Ransomware or the Scorpio Ransomware, often exploits networking vulnerabilities. Network admins should double-check all login credentials for any signs of compromise and avoid using too-simple or default passwords, which are prone to being brute-forced.

Although there is a non-ransom-based decryption solution for the Scarab-Cybergod Ransomware's family, users should also keep backups so that decryption becomes an unneeded luxury against file-locking Trojans of all ancestries. The Scarab-Cybergod Ransomware is likely to delete the Windows Shadow Copies, so one should save any backup data to a device that the Trojan can't access and erase or lock, such as a removable USB drive. As usual, users with appropriate, Windows-compatible anti-malware tools should delete the Scarab-Cybergod Ransomware with that software immediately to keep all data encryption to a bare minimum.

The creativity of the Scarab-Cybergod Ransomware's choice of brand is neither a hindrance nor a benefit to its primary features, which effectively block data until the victim pays. Whatever the ransom's cost might be, trusting a criminal with a god complex is a questionable way of getting one's files back.
