
Scarab-Walker Ransomware

Posted: May 18, 2018

The Scarab-Walker Ransomware is a member of the Scarab Ransomware family, which uses data-encrypting attacks to lock your documents, pictures and other files. This threat solicits Bitcoin ransoms for restoring your media, can create text messages with associated instructions and may hijack your desktop's wallpaper. Always keep backups of your media for protection against similar attacks, and use anti-malware programs to delete the Scarab-Walker Ransomware safely from any exposed computer.

Just Another Egyptian Beetle Crawling to Your Media

Threat actors with access to the Scarab Ransomware's source code continue to release new, minor updates of the threat, with all of its file-locking behavior kept in place. One of them, the Scarab-Walker Ransomware, is the pet project of a cybercriminal with an apparent fondness for Irish whiskey, judging from some of the cosmetic changes to its payload. This detail of the update may or may not have any relationship to the infection vectors in use, which could include compromising relevant websites with drive-by-download threats like the Nebula Exploit Kit or circulating e-mails with unsafe attachments.

The Scarab-Walker Ransomware uses AES encryption, like the rest of the Scarab Ransomware family; AES is the most prominent algorithm of choice for file-locking Trojans throughout the Black Hat industry. While it searches the PC for files of formats in its whitelist, it may block videos, audio clips, text documents, pictures, archives and other common forms of media. It also adds the '.JohnnieWalker' extension to their names (which is the previously noted whiskey reference).

The text message that the Scarab-Walker Ransomware creates afterward is a duplicate of those that malware experts are finding in circulation from previous Scarab Ransomware variants, like the Scarab-Horsia Ransomware, the Scarab-Oblivion Ransomware, the Scarab-Crypto Ransomware or the Scarabey Ransomware. It identifies itself as 'Walker' in ASCII art, provides a personal ID and an e-mail address for negotiating, and recommends purchasing Bitcoins for the file-unlocking service. While malware analysts find no free decryption solution currently available for this family, users should always consider other decryptor or backup recovery possibilities before giving the cybercriminals money.

Putting Your Foot Down on the Next Scarab

The Scarab-Walker Ransomware's payload shows minimal differences from those of the similarly new Scarab-Horsuke Ransomware or Scarab-Horsia Ransomware, and it may block your files permanently. Keep backups on non-local storage, such as the cloud or a free USB drive, to give yourself recovery options that don't require breaking an encryption cipher. Even though malware analysts can't confirm this campaign's active infection strategies, the family is notable for using the attacks below to breach a PC's security:

  • Criminals may brute-force their way into a server that uses easily guessed login and password combinations and, from that point, abuse RDP features to install this file-locking threat or others.
  • Users may also endanger their PCs by opening corrupted files that could drop the threat automatically. Typically, this exposure results from the user's contact with an e-mail attachment that the cybercriminals format to resemble work, finance, news or package delivery-related content.
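
As an added example (not part of the original article), the following Python sketch shows how a defender could spot the first vector above in logon records: a burst of failed remote logons from one address followed by a success. The CSV layout, the sample rows, the function name and the threshold of five failures in ten minutes are all assumptions made for illustration; the event IDs (4625 failed logon, 4624 successful logon) and logon types (10 for RDP, 3 for network logons such as RDP with NLA) are the standard Windows Security log values.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: simplified CSV export of Windows Security log events.
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA).
SAMPLE_LOG = """time,event_id,logon_type,source_ip,account
2018-05-17T02:10:01,4625,3,203.0.113.50,administrator
2018-05-17T02:10:04,4625,3,203.0.113.50,admin
2018-05-17T02:10:09,4625,3,203.0.113.50,backup
2018-05-17T02:10:15,4625,3,203.0.113.50,administrator
2018-05-17T02:10:21,4625,3,203.0.113.50,administrator
2018-05-17T02:11:02,4624,10,203.0.113.50,administrator
2018-05-17T08:30:00,4625,10,198.51.100.7,jsmith
2018-05-17T08:30:40,4624,10,198.51.100.7,jsmith
"""

REMOTE_LOGON_TYPES = {"3", "10"}

def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: status}; status is 'attempted' or 'compromised:<account>'."""
    recent = defaultdict(deque)   # source_ip -> timestamps of recent failures
    alerts = {}
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        if row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        ip, when = row["source_ip"], datetime.fromisoformat(row["time"])
        fails = recent[ip]
        # Drop failures that have aged out of the sliding window.
        while fails and when - fails[0] > window:
            fails.popleft()
        if row["event_id"] == "4625":
            fails.append(when)
            if len(fails) >= threshold:
                alerts.setdefault(ip, "attempted")
        elif row["event_id"] == "4624" and len(fails) >= threshold:
            # A success right after a burst of failures suggests a guessed password.
            alerts[ip] = "compromised:" + row["account"]
    return alerts

if __name__ == "__main__":
    for ip, status in find_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, status)
```

A source flagged as compromised is the point at which to isolate the server and reset the account, before any file-locking payload is installed over the session.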

Just under half of most brands of anti-malware software in the industry are detecting this threat. Update your software to improve its detection results and eliminate the Scarab-Walker Ransomware, and similar Trojans, before they're in a position to cause any media damage.

Early developments in the Scarab Ransomware family tended towards Russia-based campaigns. The extensive growth and routine maintenance of this Trojan and variants like the Scarab-Walker Ransomware, however, make it more apparent than ever that its cybercriminals are happily collecting ransoms anywhere they can find them.
