Scarab-Good Ransomware

Posted: August 29, 2018


The Scarab-Good Ransomware is a variant of the Scarab Ransomware, a file-locking Trojan that includes members targeting both Russian and English speakers with their extortionist campaigns. This threat may prevent different files from opening, add extensions to their names, and create messages demanding that you enter into its ransoming negotiations. Let your anti-malware products remove the Scarab-Good Ransomware as soon as possible after they detect it, and use backups or non-ransom-based decryptors for your file-unlocking needs.

The Only 'Good' Kind that Comes from Using Unsafe Logins

The family of file-locking Trojans operating throughout Russia and elsewhere in the world is showing one more variant for its English half. The Scarab-Good Ransomware's campaign appears to have been circulating since sometime in June and has strong similarities to past threats like the Scarab-Leen Ransomware, the Scarab-Horsia Ransomware, the Scarab-Horsuke Ransomware, the Scarab-Walker Ransomware, and other members of this family-for-hire. Users of PCs, especially those matching the traditional environments for the Scarab Ransomware's favored targets, should be actively maintaining the security of their networks and the files that they save on them.

The Scarab-Good Ransomware locks the victims' files by using an AES encryption algorithm, and adds '.good' extensions to their names without changing the rest of the filename. Text documents, pictures, databases, spreadsheets, archives, audio, and video are some examples of the most at-risk formats. The encryption routine doesn't display an interface or symptoms for the user's observation and runs automatically after the Scarab-Good Ransomware's installation and loading. Malware experts also note that the Scarab-Good Ransomware, like other versions of the Scarab Ransomware, may erase the default Windows backups by means that make their recovery impossible.
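The naming pattern described above ('.good' appended to an otherwise unchanged filename) can be used to inventory affected files when planning a restore from backup. The following Python sketch is an added example, not code from the original article; the extension list, function names, and sample file names are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: sample extensions for the at-risk format families the article lists.
AT_RISK_EXTS = {".txt", ".docx", ".pdf", ".jpg", ".png", ".sqlite", ".mdb",
                ".xlsx", ".csv", ".zip", ".7z", ".mp3", ".mp4"}
MARKER = ".good"  # extension the article says is appended to locked files

def original_name(filename):
    """Return the pre-encryption name if filename looks like '<name>.<ext>.good'."""
    if not filename.lower().endswith(MARKER):
        return None
    stem = filename[:-len(MARKER)]
    # 'feel.good' has no inner at-risk extension, so it is not reported
    return stem if Path(stem).suffix.lower() in AT_RISK_EXTS else None

def inventory(root):
    """Walk root and map each affected file path to its expected original name."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is not None:
                hits[os.path.join(dirpath, name)] = orig
    return hits

def per_directory(hits):
    """Count affected files per directory to show where restores are needed."""
    return Counter(os.path.dirname(p) for p in hits)

def demo():
    """Build a constructed sample tree; return (root, hits, per-directory counts)."""
    root = tempfile.mkdtemp()
    sample = ["share/q3.xlsx.good", "share/logo.PNG.good", "share/readme.txt",
              "db/crm.sqlite.good", "misc/feel.good"]  # constructed names
    for rel in sample:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"")
    hits = inventory(root)
    return root, hits, per_directory(hits)

if __name__ == "__main__":
    root, hits, counts = demo()
    for path, orig in sorted(hits.items()):
        print(f"{path} -> restore as {orig}")
```

Requiring an inner at-risk extension keeps ordinary files that merely end in '.good' out of the inventory; the per-directory counts show which shares need restoring first.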

The Scarab-Good Ransomware profits from the locking of your files by creating a message with non-specific ransoming demands for the threat actor's decryption help. This Notepad text note is identical to that of the Scarab-Leen Ransomware campaign, except for a change of e-mail addresses for communications, and, of course, the new ID for the compromised PC. Malware experts advise against the paying of any such ransom without, first, testing other solutions. Currently, various members of the cyber-security industry are providing their limited decryption assistance for the Scarab Ransomware family.

Keeping a Not-So-Good Bug Beneath Your Heel

The Scarab-Good Ransomware is, potentially, capable of locking files on most Windows PCs, from XP up to Windows 10. However, malware analysts have yet to see any shift in the overall campaigning strategies for the Scarab Ransomware variants, which target private company networks preferentially. These attacks may use spam e-mails or, in cases of manual access, compromised USB drives, but are most likely to infect a server after brute-forcing their way through the login credentials. Careful management of your passwords and login names is the best defense against these vectors of attack, and RDP settings also should be kept under close monitoring.

Decryption services for the Scarab-Good Ransomware, outside of its ransom-based ones, may not be available for all victims. Instead of depending on breaking its data-encrypting feature, users are urged to keep secure backups on other devices, whenever practical. Anti-malware products should delete the Scarab-Good Ransomware automatically, although any manually driven infections will usually remove or close any security software before proceeding.

While the Scarab Ransomware and its children, like the Scarab-Good Ransomware, continue thriving, company employees should remember that this state of affairs is only possible with their accidental assistance. Ransomware-as-a-Service can, as an industry, be placed in the history books as soon as all users stop forgetting the basics of network administration and backup maintenance.