
Scarab-DD Ransomware

Posted: October 18, 2018

The Scarab-DD Ransomware is a file-locker Trojan that can keep your media from opening by encrypting the files. The file-locking process doesn't generate any obviously visible symptoms, although, afterward, the Trojan marks the affected content with new extensions. Save your backups to another device to limit the damage from infections, and have anti-malware products ready for deleting the Scarab-DD Ransomware as needed.

The Doctor is Back in Again

One of the lesser-known members of the Scarab Ransomware family, the Scarab-DiskDoctor Ransomware, is seeing an upgrade that consists of little more than new extensions and addresses. Although this group of file-locker Trojans includes significant support for Russian-based server admins, this new build, the Scarab-DD Ransomware, is targeting English speakers. Along with blocking content, the Scarab-DD Ransomware also takes steps to disable the Windows system-repair features that might work around the consequences of its attacks.

The Scarab-DD Ransomware is almost a complete copy of the months-younger Scarab-DiskDoctor Ransomware, and, like it, uses AES encryption to keep the user's media locked. Although the Scarab-DD Ransomware adds a different extension ('DD') to the filenames, it continues attacking the Shadow Volume Copies, disabling Windows boot-up warnings, and conducting other anti-data-recovery attacks that are typical for this family. Users may double-check their default, local backups in the rare case that a bug prevents the deletion from occurring.

Malware experts are also finding equally minor changes to the Notepad ransom note that the Scarab-DD Ransomware creates. The instructions, embellished with an ASCII art piece that the Scarab-DD Ransomware shares with the Scarab-DiskDoctor Ransomware, give the user an e-mail and ID for entering into negotiations for the decryption service. Besides an update to the e-mail, which still uses a free ProtonMail address, the Scarab-DD Ransomware's warning is no different from the ones of its immediate ancestor.

Blocking Your Disk's Appointment with a File Encryptor

Paying the ransom is, at best, a high-risk option that may not give you a solution, and nothing penalizes the threat actor for failing to decrypt your media safely. Any network-accessible drives are also at risk unless they have additional protection, such as requiring a unique login.

Malware researchers tend to see attacks from this family, including recent editions like the Scarab-Skype Ransomware, the Scarab-Barracuda Ransomware, the Scarab-Turkish Ransomware, and the Scarab-Bin Ransomware, using RDP exploits and brute-force tools. Servers are more vulnerable to these compromise strategies when their login requirements have popular or unsophisticated values, such as having a password of 'password123.' Although having anti-malware applications for removing the Scarab-DD Ransomware is the recommendation of researchers, that software can't prevent an attacker from installing software under manually-driven conditions.
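One way to spot the RDP brute-force pattern described above in Windows Security logon events, given here as an added example that is not part of the original article. The sample records, the threshold and the time window are constructed assumptions, and `find_bruteforce` is a hypothetical helper name.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is RemoteInteractive (RDP);
# type 3 (Network) is how failed RDP logons are recorded when NLA is enabled.
SAMPLE_EVENTS = (
    [(f"2018-10-18T02:00:{s:02d}", 4625, 3, "203.0.113.7", "administrator")
     for s in range(1, 37, 6)]                      # six failures in about 30 seconds
    + [
        ("2018-10-18T02:00:41", 4624, 10, "203.0.113.7", "administrator"),
        ("2018-10-18T09:15:00", 4625, 3, "198.51.100.20", "jsmith"),   # one mistyped password
        ("2018-10-18T09:15:20", 4624, 10, "198.51.100.20", "jsmith"),
    ]
)

RDP_LOGON_TYPES = {3, 10}


def find_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed logons inside the sliding window,
    and record the first account that later logs on successfully from that source."""
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = {}                     # source IP -> alert record
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            recent = failures[src]
            recent.append(when)
            while when - recent[0] > window:        # drop failures older than the window
                recent.popleft()
            if len(recent) >= threshold and src not in alerts:
                alerts[src] = {"source": src, "first_alert": ts, "success_account": None}
        elif event_id == 4624 and src in alerts and alerts[src]["success_account"] is None:
            # A success after a failure burst is the case that needs immediate response.
            alerts[src]["success_account"] = account
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

A success following a failure burst from the same source is the record to escalate, since anti-malware software alone does not stop an attacker who logs in and installs software manually.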

The Scarab-DD Ransomware has a 'healing touch' for the profits of anyone wanting to run a Ransomware-as-a-Service campaign without needing to do much more than maintain an e-mail account. Depending on your operating system's help for retrieving your media is becoming an even poorer choice by the minute, with new versions of the Scarab Ransomware around.
