
Scroboscope Ransomware

Posted: November 14, 2018

The Scroboscope Ransomware is a file-locking Trojan that can block your media by encrypting it and then ransoming the decryption service to you. Besides the damage to your files, malware experts are verifying its traditional capacity for disabling some Windows recovery features, including removing the Shadow Volume Copy backups. Although this threat is circulating as fake AV software, most anti-malware programs should quarantine or delete the Scroboscope Ransomware before it causes any harm.

Trojans Offering New Reasons for Reading Your Downloads Carefully

A file-locker Trojan is pretending that it's a variant of the Kaspersky-brand security software, although the threat actor is misspelling the famous brand's name as 'Kashperovsky.' After tricking a user into executing the Windows file, supposedly for installing an 'Internet Security' product, the Scroboscope Ransomware can access and encrypt digital media in multiple folders on the computer. In the meantime, it also takes actions that block the user's access to critical recovery possibilities.

The Scroboscope Ransomware uses AES encryption, which is, by far, the most popular encryption method among file-locker Trojans ranging from Hidden Tear and EDA2 to many Ransomware-as-a-Service operations. Malware experts are also verifying a filename-editing feature that adds the '.N0JJC' extension, but the encryption targets the file's internal data, and changing the name won't 'unlock' or 'lock' a file.

Other features that malware researchers are outlining in the Scroboscope Ransomware samples represent even more significant security issues, although many of them are traditional for RaaS families like the Scarab Ransomware and the Globe Ransomware. Its secondary functions also consist of:

  • The Scroboscope Ransomware can delete the Shadow Volume Copies that Windows uses for saving data via the System Restore Points.
  • The Scroboscope Ransomware suppresses any error messages during the Windows booting sequence, which could hide the Trojan's non-consensual installation.
  • The Scroboscope Ransomware also blocks Windows-repairing features that can assist with recovering from issues with your firewall, Registry, corrupted updates, etc.
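
An added example, not part of the original article: a small Python triage that flags the three recovery-inhibiting behaviours listed above in process-creation logs and groups them per host. The article does not name the commands the Trojan runs; the patterns assume the standard Windows utilities for these actions (vssadmin, wmic, bcdedit), and the host names, paths and log events are constructed.

```python
import re
from collections import defaultdict

# Assumed mapping: the article names the behaviours, not the commands.
# These are the standard Windows utilities that perform each action.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "boot_error_suppression": re.compile(
        r"bcdedit(\.exe)?\s.*bootstatuspolicy\s+ignoreallfailures", re.I),
    "recovery_disabled": re.compile(
        r"bcdedit(\.exe)?\s.*recoveryenabled\s+no", re.I),
}

# Constructed process-creation events: (host, parent image, command line).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Users\a\Downloads\setup.exe", "cmd.exe /c vssadmin delete shadows /all /quiet"),
    ("WS-01", r"C:\Users\a\Downloads\setup.exe", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("WS-01", r"C:\Users\a\Downloads\setup.exe", "bcdedit /set {default} recoveryenabled no"),
    ("WS-02", r"C:\Windows\System32\cmd.exe", "vssadmin list shadows"),
    ("WS-03", r"C:\Windows\System32\svchost.exe", "bcdedit /enum"),
]

def classify(cmdline):
    """Return the names of every rule the command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def triage(events):
    """Group rule hits per host; several behaviours on one host raise severity."""
    hosts = defaultdict(lambda: {"behaviours": set(), "parents": set()})
    for host, parent, cmdline in events:
        hits = classify(cmdline)
        if hits:
            hosts[host]["behaviours"].update(hits)
            hosts[host]["parents"].add(parent)
    report = {}
    for host, data in hosts.items():
        # A single hit can be admin activity; two or more recovery-inhibiting
        # actions on the same host fit the pattern the article describes.
        severity = "high" if len(data["behaviours"]) >= 2 else "review"
        report[host] = {**data, "severity": severity}
    return report

if __name__ == "__main__":
    for host, info in triage(SAMPLE_EVENTS).items():
        print(host, info["severity"], sorted(info["behaviours"]), sorted(info["parents"]))
```

The recorded parent image shows which downloaded executable launched the commands, which helps tie the activity back to the fake installer.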

How to Keep an AV Tactic from Making Money Off of Your Files

The Scroboscope Ransomware is distributing itself with a social engineering tactic that can circulate throughout unsafe Web advertisements, corrupted 'freeware' websites, and torrent networks. However, this PHP-based program should be detectable by most legitimate anti-malware tools and products, and its evasion rates against industry detection metrics are notably sub-standard. The Scroboscope Ransomware's latest build also has issues that throw several error messages and show a visible CMD UI window, which can help victims identify that their PC is under attack.

The encryption that the Scroboscope Ransomware delivers has no public decryptor, for now, and one may never become available for free. As malware experts see this issue recurring with most file-locking Trojans, users should prepare themselves by backing up their media, such as documents, to other devices. Removing the Scroboscope Ransomware with a trusted anti-malware program can stop any further encryption, but you may need to re-enable various Windows features individually.

The idea of disguising yourself as the antidote to the same problem that you're causing isn't new to criminals or file-locking Trojans. The Scroboscope Ransomware's author assumes that this trick will continue working, and everyone should do their part in debunking that assumption.
