Scarab-Turkish Ransomware

The Scarab-Turkish Ransomware is a new release for the Scarab Ransomware family, a RaaS (Ransomware-as-a-Service) collective of Trojans that different threat actors may modify for locking the media files of their victims. This version of the Trojan communicates its ransoming instructions in a variant of the Turkish language, can block files with AES encryption and can add new extensions to the files' names. Always let your anti-malware products quarantine or delete the Scarab-Turkish Ransomware at the first practical opportunity and backup your work for protecting it from these attacks.

Turkey's PC Users are Getting Extorted, Once Again

While the Scarab Ransomware family is most divergent from the rest of its industry by targeting Russian victims regularly, Russia isn't the only nation that its threat actors abuse. Among the other countries at risk of file-locking Trojans' campaigns, Turkey is also a regular target, which malware researchers note through the attacks of the Ramsey Ransomware, the Uyari Ransomware, the Zilla Ransomware, the Cryptolocker 1.0.0 Ransomware and the latest the Scarab-Turkish Ransomware. While the Scarab-Turkish Ransomware does extort Turkish residents, it does so through a means that may make relaying all of its demands more difficult than its author intends incidentally.

AES-based encryption is the traditional method for file-locker Trojans of all but a select minority of families (such as the Xorist Ransomware) for blocking media. The Scarab-Turkish Ransomware keeps this tradition in place and may use AES for locking documents, databases, spreadsheets, archives, pictures, and other types of media, according to an internal whitelist. It prioritizes blocking work and recreational data and adds an e-mail-based extension (malware experts are confirming [Firmabilgileri@bk.ru], as in 'sample-picture.jpg.[Firmabilgileri@bk.ru]') to their names.

Another, long-held feature with the Scarab Ransomware Trojans includes creating text messages for extorting money out of the PC users. The Scarab-Turkish Ransomware does so with a note in the Turkish language and asks for the victim's contacting the address without giving a hard ransom price on the decryption service. However, the lack of Notepad support for the Turkish alphabet causes this text's displaying in an English alphabet-based variation of Turkish, which hampers the message's readability, although not to the point of total illegibility.

Reducing Turkey's Bug Population

The Scarab Ransomware family's availability as a 'for hire' Trojan introduces some elements of uncertainty into its distribution exploits, but malware analysts are finding many versions of this threat circulating via RDP and brute-force attacks. This infection vector emphasizes the need for appropriate network security protocols, especially regarding any login credentials. Spam e-mails are another strategy that the threat actors use for compromising a PC and locking its non-essential, but financially valuable files.

The Scarab-Turkish Ransomware could be decryptable by a third-party tool, such as the Scarab Decoder. Even though many decryptors are free, successful decryption isn't a surefire outcome with any file-locking Trojan infection. PC users should continue backing their files up for increasing their chances of recovering any media that becomes unusable thanks to the encryption routine. Anti-malware programs also can delete the Scarab-Turkish Ransomware for preventing any more damage or stopping the attacks from happening.

The linguistic struggles of the Scarab-Turkish Ransomware do nothing to impede its attacks against file data. Whether you're doing work on your computer in Turkey, Russia, America or Japan, the fact that Trojans like the Scarab-Turkish Ransomware continue being profitable with so little work should be of concern to you.