Scarabey Ransomware
Posted: December 13, 2017
Threat Metric
| Threat Level: | 1/10 |
|---|---|
| Infected PCs: | 47 |
| First Seen: | September 4, 2022 |
| OS(es) Affected: | Windows |
The Scarabey Ransomware is a variant of the Scarab Ransomware, a Trojan that encrypts your media to prevent you from opening it and creates ransom-related Notepad messages. This update of the Trojan also includes a timed function for periodically deleting your locked files, similar to the Jigsaw Ransomware. Affected users should use standard security protocols to disable this threat immediately before uninstalling the Scarabey Ransomware with any favored anti-malware product, and then retrieve any encoded files by free methods.
A Bug with an Extra Bit of Bite
The pseudo-Russian Scarab Ransomware campaign is upgrading itself, either with new threat actors reusing the Trojan or old ones deciding to add ancillary features to its payload. The Scarabey Ransomware keeps the previous Trojan's attacks, but also includes data-erasing potential to force users to pay their ransoms without any hesitation. As always, malware researchers recommend protecting your PC from further attacks while searching for free alternatives for undoing the Scarabey Ransomware's media damage.
The Scarabey Ransomware's campaign is targeting Russian users explicitly, and the evidence available to malware researchers leads them to believe that threat actors are brute-forcing the logins of business-oriented networks for running the Trojan. Like the Scarab Ransomware, the Scarabey Ransomware locks a range of media types, such as spreadsheets or documents, and appends '.scarab' extensions to each name.
Also like its recent ancestor, the Scarabey Ransomware drops Notepad-formatted text messages for extorting Bitcoins from its victims in exchange for the key to decrypting and unlocking their media. The Scarabey Ransomware places a particularly strong emphasis on prompt payments within two days and motivates the act by deleting two-dozen encrypted files every day. As a result, whether you choose to pay or not, disabling the Scarabey Ransomware as soon as possible is required for minimizing the risks of losing your data permanently.
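Because locked files are deleted on a timer, a preservation manifest taken during triage shows exactly what was present and what has since disappeared. The following is an added example, not part of the original article: it inventories files carrying the '.scarab' extension and compares two scans. The file names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

LOCKED_EXT = ".scarab"  # extension the article says is appended to locked files


def inventory(root):
    """Map each locked file under root to (size, SHA-256) for a preservation manifest."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(LOCKED_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                found[path] = (os.path.getsize(path), digest.hexdigest())
            except OSError:
                # File vanished or is unreadable mid-scan: record it without a hash.
                found[path] = (None, None)
    return found


def diff_snapshots(earlier, later):
    """Return locked files present in the earlier manifest but gone from the later one."""
    return sorted(set(earlier) - set(later))


def demo():
    """Constructed sample tree: three locked files, one clean file, one loss between scans."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.docx.scarab", "docs/budget.xlsx.scarab",
                    "photo.jpg.scarab", "notes.txt"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(rel.encode())
        first = inventory(root)
        os.remove(os.path.join(root, "photo.jpg.scarab"))  # stands in for the timed deletion
        second = inventory(root)
        return len(first), [os.path.basename(p) for p in diff_snapshots(first, second)]


if __name__ == "__main__":
    count, lost = demo()
    print(f"{count} locked files inventoried; missing on rescan: {lost}")
```

Run the inventory from a trusted environment against the affected volume and store the manifest off the host, so a later scan can be diffed against it.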
Beating Back a PC's Pest Invasion
The Scarabey Ransomware's geographical focus seems to be a result of opportunism rather than any significant familiarity its current administrators have with the nation. Frequent grammar issues with its ransom notes suggest that the threat actors are using translation tools or messages misappropriated from other sources, such as a branch of the Amnesia Ransomware family. While malware experts can provide no evidence of a working decryption program for the Scarabey Ransomware, the Trojan's dual capabilities of file deletion and encryption make it especially critical to keep secure backups of your media.
Using passwords with weak security, such as short strings, common phrases, and limited alphanumeric combinations, can give cybercrooks easy access to your login data and, through it, the entirety of a home network or server. Employing better password management minimizes your risk from brute-force-based attacks, and users should also remain alert to potential infection vectors arriving through e-mail spamming campaigns. Rebooting your PC securely into Safe Mode or through a USB device is optimal for helping your anti-malware programs delete the Scarabey Ransomware without it being able to do the same to any content in the meantime.
The Scarabey Ransomware may be a Trojan that prefers extorting money from Russian companies, but the same payloads are observable throughout the rest of the file-locking Trojan industry and the world as a whole. Companies with data worth holding hostage, by definition, also have content that's worth protecting with careful password maintenance and backup scheduling.