Scarab-Rent Ransomware

The Scarab-Rent Ransomware is a variant of the Scarab Ransomware, a family of file-locking Trojans that diverse criminals may 'rent' for launching their semi-independent campaigns of holding digital media for ransom. Users may contact interested members of the cyber-security community for other decryption options or use non-decryption-based solutions, such as backups, for saving their files. Any PC with adequate anti-malware protection should remove the Scarab-Rent Ransomware before its attacks cause any damage to the media.

The Insect that's for Rental Purposes Only

As file-locking campaigns attacking Russians and their neighbors thrive, so do members of the Scarabey Ransomware branch of the Scarab Ransomware's family. These Ransomware-as-a-Service Trojans combine real attacks against their victims' files with unsupported claims of additional ones, such as timer-based deletion, for gathering ransom payments. The newest example that malware analysts are confirming is the Scarab-Rent Ransomware, which, like other versions of the Scarabey Ransomware side of the family, is targeting PC users within Russia's borders.

The Scarab-Rent Ransomware uses the same means of locking files as the Scarab-Danger Ransomware, the Scarab-Oneway Ransomware or the Scarab-Ukrain Ransomware: a straightforward, but secure, AES-encoding function that converts all media of the target formats to non-opening versions of themselves. This latest update of the file-locking Trojan family also adds '.rent' extensions to their names, which is the only case of English that malware analysts are verifying with its payload. The remainder of the Scarab-Rent Ransomware's features, such as its ransoming components, are in Russian.

Although the Scarab-Rent Ransomware's ransom note uses a format that malware analysts take note of in many versions of the family, it does have some relevant information and false leads for the victims. Some interesting elements include:

• The threat actors may give a 'free trial' of their decryptor by unlocking one or two files.
• The message claims that the Scarab-Rent Ransomware will erase more files every day automatically until the threat actors deactivate this feature. In reality, this sub-function doesn't exist, and the Scarab-Rent Ransomware has no other, backdoor-related features for enabling it.
• Although the message warns against using other data restoration methods, some versions of the Scarab Ransomware can have their locked files restored via decryption tools available to entities in the cyber-security industry.

Don't Let a Trojan Renter Take Their Expenses Out of Your Paycheck

The Scarab-Rent Ransomware operates virtually identically to the other versions of the Russian side of the Scarab Ransomware family. Ransomware-as-a-Service Trojans like the Scarab-Rent Ransomware may be unpredictable in how they install themselves, but most variants similar to this threat use RDP exploits after attacking a network with a brute-force utility. The proper management of your login information and passwords is, as a result, an essential line of defense against the Scarab-Rent Ransomware campaign.

Some versions of the Scarab-Rent Ransomware's family are decryptable with non-ransom-based software, and some are not. Users without the interest in gambling with their files should keep backups on other drives that the Scarab-Rent Ransomware can't harm, such as a cloud server or free USB. Shadow Copies are, usually, deleted by this family, although anti-malware programs may block and remove the Scarab-Rent Ransomware before it can encrypt or erase any data.

Russia was, once, unusual for its partial safety from file-locker Trojans, but that history is in the past. There is, unfortunately, nowhere to live that Ransomware-as-a-Service byproducts like the Scarab-Rent Ransomware aren't capable of attacking.