Posted: June 29, 2018

Ransomware Description

The Ransomware is a file-locking Trojan that can encrypt text documents, images, and other media formats to prevent the user from opening them. As a member of the Scarab Ransomware family, the Ransomware may be compatible with freeware decryption solutions, although malware researchers recommend backing up your files for a more comprehensive data recovery method. Let your anti-malware products handle uninstalling the Ransomware or removing the threat before it attacks.

A New Amnesia Ransomware Makes you Pay for Forgetting Your Backups

Threat actors are continuing to maintain active distribution channels for file-locking threats from the Russo-English Scarab Ransomware family, whose hallmarks include Remote Desktop-based infection techniques, AES encryption and the scrambling of filenames. The latest English-specific variant that malware researchers confirm is the Ransomware, which is dropping an identical payload to past versions, but with a new e-mail address. Decryption for free, while not theoretically possible, has yet to receive confirmation of working through publicly-available software.

Infection strategies for the Ransomware may use such methods as spam e-mails, exploit kits or torrents, but statistically are likely to specialize in RDP and brute-force attacks. These techniques can compromise vulnerable server PCs by breaking their passwords and giving a remote attacker direct control over them for installing arbitrary programs. The Ransomware, as a member of the Amnesia Ransomware fork of its family, uses an AES-based encryption routine that's similar to that of the Scarab-Walker Ransomware or the Scarab-Osk Ransomware.

While it's locking Word or PDF documents, pictures, and additional formats of media, the Ransomware also overwrites the filenames with Base64-like random strings of characters. Users can tell the affected files apart from temporary or junk data by searching for the extension it also adds, which is the e-mail address noted in its name. Since this family habitually erases the Windows operating system's backup points, the Shadow Volume Copies can't recover these files, which is why malware researchers advise storing your backups elsewhere.
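An added triage sketch for the renaming pattern described above (not code from the original article): it flags files whose stem is Base64-like and whose extension is shaped like an e-mail address, and groups them by that address. The 16-character minimum, the function names, and the placeholder address in the constructed sample listing are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: the appended extension is ".local@domain.tld" at the end of the name.
EMAIL_SUFFIX = re.compile(
    r"\.(?P<addr>[A-Za-z0-9._-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")
# Assumption: "Base64-like" means 16+ characters from the Base64/URL-safe alphabet.
B64_STEM = re.compile(r"^[A-Za-z0-9+=_-]{16,}$")


def classify(path):
    """Return the e-mail-shaped extension if the file name fits the pattern, else None."""
    base = PureWindowsPath(path).name
    m = EMAIL_SUFFIX.search(base)
    if not m:
        return None
    stem = base[:m.start()]
    return m.group("addr").lower() if B64_STEM.match(stem) else None


def triage(paths):
    """Group matching paths by the e-mail address used as their extension."""
    hits = {}
    for p in paths:
        addr = classify(p)
        if addr:
            hits.setdefault(addr, []).append(p)
    return hits


# Constructed sample listing; the address is a placeholder, not the real one.
SAMPLE = [
    r"C:\Users\dana\Documents\budget-2018.xlsx",
    r"C:\Users\dana\Documents\aGVsbG8gd29ybGQgZnJvbSBhIHRlc3Q=.placeholder@example.invalid",
    r"C:\Users\dana\Pictures\Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5.placeholder@example.invalid",
    r"C:\Users\dana\AppData\Local\Temp\~DF3A91.tmp",
    r"C:\Users\dana\Documents\notes.for.bob@example.invalid",  # short stem: ignored
]

if __name__ == "__main__":
    for addr, files in triage(SAMPLE).items():
        print(f"{len(files)} file(s) renamed with extension .{addr}")
        for f in files:
            print("   ", f)
```

Running it over a full directory listing gives a count of affected files per extension, which helps scope what has to come back from off-host backups.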

Remembering the Easiest Ways of Countering a Forgetful Trojan

The Ransomware's family, while careful to compensate for the presence of local backups, has no noteworthy features for deleting non-local ones, such as those the user might store on peripheral devices or a cloud service. Potential victims of these attacks, such as server administrators, can also monitor their RDP settings and use unique and secure passwords to keep criminals from gaining any unwarranted access to their systems. Most file-locker Trojan campaigns that don't employ brute-force attacks take advantage of risky Web-browsing habits from their victims, such as opening spam e-mail attachments.
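An added example of the RDP monitoring mentioned above (not part of the original article): it scans failed-logon records for bursts from one source and reports any successful remote logon that follows a burst. It assumes Windows Security events 4625/4624 already parsed into tuples; the threshold, window, function names and sample records are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624   # Windows Security log event IDs
REMOTE_TYPES = {3, 10}         # 3 = Network (RDP with NLA), 10 = RemoteInteractive


def analyse(events, threshold=5, window=timedelta(minutes=1)):
    """Return (bursts, follow_ups) for (timestamp, event_id, logon_type, source_ip) records.

    bursts maps a source to the time it first reached `threshold` failures
    inside `window`; follow_ups lists later successes from those sources.
    """
    recent = defaultdict(deque)    # source_ip -> timestamps of recent failures
    bursts, follow_ups = {}, []
    for ts, event_id, logon_type, src in sorted(events):
        if logon_type not in REMOTE_TYPES:
            continue
        if event_id == FAILED:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:       # drop failures outside the window
                q.popleft()
            if len(q) >= threshold:
                bursts.setdefault(src, ts)  # keep the first time it fired
        elif event_id == SUCCESS and src in bursts:
            follow_ups.append((src, ts))    # password may have been guessed
    return bursts, follow_ups


def _t(sec):
    return datetime(2018, 1, 1, 3, 0, 0) + timedelta(seconds=sec)


# Constructed sample records; addresses are documentation ranges (RFC 5737).
SAMPLE = (
    [(_t(i * 4), FAILED, 10, "203.0.113.7") for i in range(6)]
    + [(_t(40), SUCCESS, 10, "203.0.113.7")]
    + [(_t(0), FAILED, 10, "198.51.100.20"), (_t(600), FAILED, 10, "198.51.100.20")]
    + [(_t(90), SUCCESS, 10, "192.0.2.10"), (_t(95), FAILED, 2, "192.0.2.10")]
)

if __name__ == "__main__":
    bursts, follow_ups = analyse(SAMPLE)
    for src, ts in bursts.items():
        print(f"burst of failed remote logons from {src}, threshold hit at {ts}")
    for src, ts in follow_ups:
        print(f"successful logon from {src} at {ts} after a burst: investigate")
```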

Another characteristic of the Ransomware's family is the presence of Notepad ransom messages. This Trojan uses a copy of previous notes with nothing changed other than the e-mail address for contacting its threat actor. Malware experts strongly advise against paying the ransom, which almost always uses currencies that disallow refunds. Free decryption software may be capable of 'unlocking' the associated files, and, in the meantime, most anti-malware tools can delete the Ransomware automatically.

As much as the Ransomware is a direct clone of the previous Trojans in its family tree, it is also an equally capable danger to documents and other digital media. The popularity of these threats among criminals makes it increasingly questionable why anyone would save files worth any amount of money without also protecting them from simple encryption attacks.
