
Scarab-Oblivion Ransomware

Posted: April 26, 2018

The Scarab-Oblivion Ransomware is a file-locking Trojan that can block your documents and other media by encrypting the files individually. Its attacks can also create text messages asking for ransom money and change the filenames of anything that it locks. Always have a dedicated anti-malware program uninstall the Scarab-Oblivion Ransomware safely and, if possible, use non-ransom-based recovery methods for your media, such as reverting to the latest backup.

A New Breed of Bug for Your Files

2017's Scarab Ransomware family remains heavily active throughout 2018 as malware analysts continue verifying different builds of the Trojan, including the Scarabey Ransomware, the Scarab-Crypto Ransomware (from the Amnesia Ransomware fork), and the Scarab-XTBL Ransomware (a fusion of that Trojan and Hidden Tear). An unknown group of threat actors is also distributing one more version, the Scarab-Oblivion Ransomware, which drops semi-unique ransom notes. In other aspects of its payload, the Scarab-Oblivion Ransomware's changes are minor, but it remains threatening to the files of any compromised PC.

The Scarab-Oblivion Ransomware, like most file-locker Trojans, uses an AES enciphering routine to encrypt Word documents, GIF images, MP3 audio, and other media automatically. The Scarab-Oblivion Ransomware implements this routine via a background process that shows no symptoms or GUI to the PC's user and can finish in minutes or, in extreme cases, seconds. For this family in particular, malware experts warn that the Scarab-Oblivion Ransomware and its relatives also overwrite the names of all locked files with pseudo-random characters in addition to inserting their extensions (in the Scarab-Oblivion Ransomware's case, '.OBLIVION').
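The rename behavior described above gives defenders a usable signal: many files gaining the '.OBLIVION' extension from one process in a short time. The following Python sketch is an added example, not code from this page or from any vendor; the event tuple layout, the 60-second window, the threshold of 5, and all sample events are constructed assumptions. It also records which drives were touched, since the page notes that network-mapped drives can be affected.

```python
from collections import deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

LOCKED_EXT = ".oblivion"         # extension named on this page, compared case-insensitively
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 5                    # assumed number of renames in the window that raises an alert

# Constructed sample events: (ISO timestamp, process id, old path, new path).
SAMPLE_EVENTS = [
    ("2018-04-26T10:00:01", 4120, r"C:\Users\a\Documents\plan.docx", r"C:\Users\a\Documents\q8Zr1xKd.OBLIVION"),
    ("2018-04-26T10:00:02", 4120, r"C:\Users\a\Pictures\cat.gif", r"C:\Users\a\Pictures\Lm3vT0pa.OBLIVION"),
    ("2018-04-26T10:00:03", 900, r"C:\Users\a\Documents\report.docx", r"C:\Users\a\Documents\report_final.docx"),
    ("2018-04-26T10:00:04", 4120, r"C:\Users\a\Music\song.mp3", r"C:\Users\a\Music\Xy7Qw2Ne.OBLIVION"),
    ("2018-04-26T10:00:05", 4120, r"Z:\shared\budget.docx", r"Z:\shared\b4Hk9sJu.OBLIVION"),
    ("2018-04-26T10:00:06", 4120, r"Z:\shared\logo.gif", r"Z:\shared\Pz1Dc6Vm.OBLIVION"),
    ("2018-04-26T10:30:00", 2210, r"C:\tmp\a.txt", r"C:\tmp\a.OBLIVION"),
]

def is_locked_rename(old, new):
    """True when a file gains the locked extension it did not have before."""
    old_ext = PureWindowsPath(old).suffix.lower()
    new_ext = PureWindowsPath(new).suffix.lower()
    return new_ext == LOCKED_EXT and old_ext != LOCKED_EXT

def detect_bursts(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per process whose locked renames reach the threshold within the window."""
    recent = {}   # pid -> deque of (timestamp, drive) still inside the window
    alerts = {}   # pid -> first alert raised for that process
    for ts, pid, old, new in sorted(events):
        if not is_locked_rename(old, new):
            continue
        t = datetime.fromisoformat(ts)
        q = recent.setdefault(pid, deque())
        q.append((t, PureWindowsPath(new).drive))
        while t - q[0][0] > window:   # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and pid not in alerts:
            alerts[pid] = {
                "pid": pid,
                "first_seen": q[0][0].isoformat(),
                "count": len(q),
                "drives": sorted({drive for _, drive in q}),
            }
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_EVENTS):
        print(alert)
```

In practice the events would come from whatever file-activity telemetry is available on the host, and the threshold should be tuned against normal bulk-rename activity on the monitored systems.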

The latter portion of the Scarab-Oblivion Ransomware's payload creates ransom notes in Notepad's TXT format. These messages include instructions on paying a Bitcoin ransom to purchase the threat actor's file-unlocker. Interestingly, the Scarab-Oblivion Ransomware is one of the few Trojans of its sub-type that solicits Telegram-based communications in addition to e-mail. This behavior is a rare trait that malware experts also observe in the separate campaigns of 'the Merry X-Mas!' Ransomware, the Instalador Ransomware and the Satyr Ransomware.

Sending Bitcoin-Grabbing Trojans Off to Oblivion

The Scarab Ransomware family uses an encryption method that's unbreakable, based on previous analyses by malware researchers. Note that the Scarab-Oblivion Ransomware doesn't limit its attacks to local drives and also may delete or encrypt media on network-mapped ones. Additionally, the threat actors responsible for this group of Trojans often misrepresent the data-recovery solution and may not provide it, even if you pay them. Having backups secured against a localized Trojan infection, such as backing up to a cloud server, is the best protection for your files.

While the Scarab-Oblivion Ransomware has some historical ties to Russian-based Trojan campaigns, its attacks aren't specific to PC users in that nation alone. The Scarab-Oblivion Ransomware can target and lock documents, pictures, and other media on Windows computers throughout the world with little or no discrimination. Threat actors often compromise professional networks via e-mail or brute-force attacks, while recreational PCs more often suffer exposure via unsafe Web-browsing behavior or unsafe downloads. In most cases, a competent anti-malware product should interrupt the installation process and delete the Scarab-Oblivion Ransomware.

The con artists profiting from a file-locking Trojan like the Scarab Ransomware family don't need to reinvent the wheel. Unfortunately, that means that decryption for many new campaigns, like that of the Scarab-Oblivion Ransomware, remains out of sight indefinitely.
