Scarab-FastRecovery Ransomware

Posted: June 12, 2018

The Scarab-FastRecovery Ransomware is part of the Scarab Ransomware family of file-locker Trojans that use encryption to hold media hostage. Users can identify any 'locked' files by the extension this Trojan adds and should ignore the accompanying text-based ransom instructions. Anti-malware products should block the Scarab-FastRecovery Ransomware or uninstall it securely, and both backups and free decryption software can alleviate the associated data loss.

Trojans Hoping for Fast Recoveries in the Wrong Ways

Victims of Scarab's latest variant, whose infection vector is unknown, are providing limited samples of the threat's components, including its ransom note, to public ransomware repositories. Although malware analysts have yet to tie the new Trojan, the Scarab-FastRecovery Ransomware, to a specific branch of the family (such as the Scarabey Ransomware), its symptoms are all in line with those of previous cases. The users most in danger of irreversible data loss are those who keep files in heavily used formats, such as Word documents, without secure backups for them.

The Scarab-FastRecovery Ransomware appends its threat actor's new e-mail address to the end of each file's name after encrypting it with an AES cipher (for example, 'river.gif' becomes 'river.gif.fastrecovery@airmail.cc'). The threat targets documents, images, audio, spreadsheets, archives, and other media that are in heavy use on both workplace networks and recreational computers. Although this does prevent the associated files from opening, malware experts note that previous, public file-unlocking software for the Scarab Ransomware family should also remain compatible with the Scarab-FastRecovery Ransomware.
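
As an added illustration (not part of the original article or of any vendor tool), the following Python script inventories files that carry the appended address described above and recovers their original names, which helps scope what to restore from backup or hand to a decryptor. The function names are hypothetical; the suffix is taken from the article's 'river.gif' example.

```python
import os
from collections import Counter

# Suffix taken from the article's example ('river.gif.fastrecovery@airmail.cc').
MARKER = ".fastrecovery@airmail.cc"


def original_name(filename, marker=MARKER):
    """Return the pre-encryption name, or None if the marker is absent."""
    # Case-insensitive match; a name that is only the marker has no original.
    if filename.lower().endswith(marker) and len(filename) > len(marker):
        return filename[: -len(marker)]
    return None


def inventory(root, marker=MARKER):
    """Walk root and list (locked_path, original_name) for renamed files."""
    hits = []
    # onerror ignores unreadable directories so a triage run is not aborted.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            orig = original_name(name, marker)
            if orig is not None:
                hits.append((os.path.join(dirpath, name), orig))
    return sorted(hits)


def summarize(hits):
    """Count affected files by original extension to scope a restore."""
    return Counter(
        os.path.splitext(orig)[1].lower() or "(none)" for _path, orig in hits
    )


if __name__ == "__main__":
    import sys

    found = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, orig in found:
        print(f"{path} -> {orig}")
    for ext, count in summarize(found).most_common():
        print(f"{count:6d} {ext}")
```

The script only reads directory listings; it does not rename or modify anything, so it is safe to run before a decryptor or backup restore.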

The Trojan also creates a simple but semi-unique ransom message in Notepad that initiates the ransom negotiations. Important details include the individually generated ID for the victim, the e-mail address, and a fake claim that the threat uses impenetrable RSA-2048 encryption on the blocked files. For the time being, while malware experts lack any evidence confirming the ransom's price, paying should be unnecessary, since old decryptors provided by members of the anti-malware industry will perform the same function.

Keeping a Line of Beetles Limited

Some versions of the Scarab-FastRecovery Ransomware's family, particularly the Scarabey Ransomware branch, can include time-based features for deleting additional files. Most file-locker Trojans can also erase any local backups, with an emphasis on the Windows defaults, like the Shadow Volume Copies. Saving your backups to other devices can remove all risk of the Scarab-FastRecovery Ransomware tampering with your only restoration options that do not involve a decryption application. If decrypting the media is your only option, malware experts suggest contacting an appropriate cyber-security researcher or organization with experience with the Scarab Ransomware family.

There are many variants of Trojans using most of the same code as the Scarab-FastRecovery Ransomware, including the Scarab-Osk Ransomware, the Scarab-Rebus Ransomware, the Scarab-Horsuke Ransomware and the Scarab-Walker Ransomware. In most campaigns, the threat actors use e-mail-based attacks or RDP features to compromise the PC. Typical anti-malware products may identify these unsafe attachments or delete the Scarab-FastRecovery Ransomware before the installation routine starts. However, only cautious login and password management can lower the risk of RDP attacks.

Much like actual beetles demonstrate a successful entomological niche, Scarab Ransomware updates like the Scarab-FastRecovery Ransomware are evolutionary examples of working models for modern-day ransoming crimes. The more widely used security standards and backups become, the less useful and prolific the Scarab-FastRecovery Ransomware's family will be.