
Scarab-Danger Ransomware

Posted: June 20, 2018

The Scarab-Danger Ransomware is part of the Scarab Ransomware family, which locks the user's files with an encryption algorithm, such as AES. Trojans of this group may target both Russian- and English-speaking victims with their attempted extortion, and paying doesn't always grant the victim a file-unlocking solution. Back up your files to secure devices and allow your anti-malware protection to handle uninstalling the Scarab-Danger Ransomware or blocking the installation, when appropriate.

The Bug that Comes with Built-In Deadlines

A threat actor managing another, new version of the Scarab Ransomware is taking a particularly hard line on negotiating: rotating the addresses for instant messaging every three days, which forces the victim to decide about paying the ransom immediately. Although many file-locker Trojans include changes to their contact credentials, the Scarab-Danger Ransomware is the first that malware experts are finding using such a restrictive and time-limited schedule. Otherwise, like the other members of its family, it remains a danger to your files because of its data-encoding feature.

Like the Scarab-Osk Ransomware, the Scarabey Ransomware, and the equally new Scarab-Bomber Ransomware, the Scarab-Danger Ransomware automatically encrypts files of different formats without the user's consent. Although the family supports multiple encrypting algorithms, malware experts recommend against taking the Scarab-Danger Ransomware's word on the security of its attack, which it falsely claims is RSA-2048-based. The Trojan also rotates through a series of different extensions for designating the files it locks, although the extension always takes the form of a Jabber address (such as 'picture.bmp.fastsupport@xmpp.jp').
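Because the appended extension rotates but keeps the shape of a Jabber address, a file-listing check is more useful when it matches the format rather than one fixed string. The following Python sketch is an added example, not code from the original article or from any vendor tool; the function names, the `min_files` threshold and the sample listing are assumptions made for illustration.

```python
import re
from collections import defaultdict

# <original name>.<local>@<domain>, e.g. picture.bmp.fastsupport@xmpp.jp
# Assumption: the local part contains no dots, so the split is unambiguous.
ADDRESS_SUFFIX = re.compile(
    r"^(?P<original>.+)\."
    r"(?P<address>[A-Za-z0-9_-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})$"
)

def parse_locked_name(path):
    """Return (original_name, appended_address), or None if the name does not fit."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]  # handle both separators
    m = ADDRESS_SUFFIX.match(name)
    return (m.group("original"), m.group("address").lower()) if m else None

def summarize(paths, min_files=3):
    """Group matching files by appended address and keep only addresses seen
    on at least min_files files (hypothetical threshold that damps one-off
    names which merely happen to end in an address)."""
    by_address = defaultdict(list)
    for p in paths:
        parsed = parse_locked_name(p)
        if parsed:
            by_address[parsed[1]].append(p)
    return {a: sorted(f) for a, f in by_address.items() if len(f) >= min_files}

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    "/home/u/docs/picture.bmp.fastsupport@xmpp.jp",
    "/home/u/docs/report.docx.fastsupport@xmpp.jp",
    "/home/u/docs/budget.xlsx.FastSupport@xmpp.jp",
    "/home/u/docs/notes.txt",
    "/home/u/mail/reply to bob@example.com.txt",
    "/home/u/mail/vcard.alice@example.org",
]

if __name__ == "__main__":
    for address, files in summarize(SAMPLE).items():
        print(f"{len(files)} files carry appended address {address}")
        for f in files:
            print("   ", f, "->", parse_locked_name(f)[0])
```

Grouping by address means a rotated address shows up as a second group instead of being missed, and the recovered original name helps map locked files back to backups.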

The extension also ties into the Scarab-Danger Ransomware's ransoming message, which is nearly identical to those of other Scarab Ransomware releases. However, the Scarab-Danger Ransomware's author also warns that the Jabber contact address rotates every three days, and he provides no 'backup' contact for missing the deadline on paying the ransom. Accordingly, the victims are put under time pressure for paying, even though doing so isn't a definite guarantee of restoring their files. This Trojan is one of the few to use Jabber for ransoming messages, along with the GandCrab3 Ransomware (which is not a member of the Scarab Ransomware family).

Limiting the Numbers of File-Eating Beetles

While the Scarab-Danger Ransomware's ransoming addresses are subject to frequent updating, malware researchers are noting no accompanying changes to the encryption method that this Trojan employs. Users without backups for a secure recovery of their files should contact a member of the cyber-security industry with experience in cryptography-based threats like the Scarab Ransomware or Hidden Tear, who may determine any chances of developing a free decryptor. Some members of the Scarab-Danger Ransomware's family may have their 'locked' media unlocked by freeware solutions already.

For the family to which the Scarab-Danger Ransomware belongs, malware experts are highlighting the following two strategies as especially likely infection routes:

  • Networks with sub-standard login security may be at risk for brute-force attacks that use BlackHat software for 'guessing' a password and username. After that, a criminal may drop other threats, including, but not limited to, file-locker Trojans, on the computer.
  • E-mail messages are also subject to abuse for circulating threats similar to the Scarab-Danger Ransomware, especially to targets working in government or for corporate entities.

Besides the importance of having secured and routinely-updated backups, users can protect their media from this Trojan by using appropriate passwords and scanning every download with a suitable anti-malware product. Those same anti-malware programs also may remove the Scarab-Danger Ransomware at any stage of infection or beforehand.

As criminals continue finding new ways to manipulate their victims, PC users will need to train just as devotedly at not falling for their traps. The Scarab-Danger Ransomware, and other file-ransoming Trojans that demand action before thoughtfulness, can make money only with the help of those whom they attack.
