
Yourhope@airmail.cc Ransomware

Posted: October 17, 2018

The Yourhope@airmail.cc Ransomware is an update to the Scarab-Bomber Ransomware branch of the Scarab Ransomware family. These Trojans, which carry Russian- and English-language ransom notes, are rented out as Ransomware-as-a-Service to any third-party criminal who pays the fee, and they often spread through brute-force attacks against remote logins. Since no free decryption service is available, users should protect their media by backing it up to another device and have their anti-malware software remove the Yourhope@airmail.cc Ransomware as soon as it is identified.

The Bug is Back for Fall

The latest version of the Scarab-Bomber Ransomware is attacking English-speaking victims on behalf of a new, unidentified threat actor. The Yourhope@airmail.cc Ransomware makes only a few meaningful changes to earlier versions of this branch of the RaaS family. However, it does show that its authors keep steering ransom negotiations toward widely available, easily accessible channels.

AES-256 in CBC mode is the built-in encryption method for the Yourhope@airmail.cc Ransomware's family, and it locks files of formats including GIF pictures, Word documents and other media. While some of the latest entries in the Scarab Ransomware group use an insecure or buggy locking routine, malware analysts can't confirm any similar flaw in the Yourhope@airmail.cc Ransomware. Without the attacker's key, any content it locks may remain unusable indefinitely.
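When triaging a machine hit by a file-locker, the first practical question is whether the "locked" files really are ciphertext from a correctly used cipher or the output of one of the buggy locking routines mentioned above. The following is an added example for this article, not code from the page or from the Scarab family: it scores files by Shannon entropy, treats an intact ZIP header (the container format of Word and Excel documents) as expected compression rather than encryption, and shows that a single-byte XOR "locker" (a hypothetical weak routine, constructed here) leaves the byte distribution, and so the entropy, unchanged. The sample files, the file names and the thresholds are all assumptions.

```python
"""Entropy triage for files that a file-locker may have encrypted.

Added example for this article; it is not code from the page or from the
Scarab family. Only the standard library is used, and every sample file
below is constructed here. Thresholds are assumptions, not measured values.
"""
import hashlib
import math
from collections import Counter

ENCRYPTED_THRESHOLD = 7.9   # assumption: well-encrypted data sits near 8 bits/byte
SUSPICIOUS_THRESHOLD = 7.0  # assumption: compressed media often lands in 7.0-7.9


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_zip(data: bytes) -> bool:
    """Office .docx/.xlsx files are ZIP containers and start with PK\\x03\\x04."""
    return data[:4] == b"PK\x03\x04"


def classify(data: bytes) -> str:
    """Label a file's bytes as 'container', 'encrypted', 'suspicious' or 'plaintext'.

    An intact ZIP header means the high entropy is expected compression, not
    encryption; a CBC-encrypted file has no recognizable header at all.
    """
    if looks_like_zip(data):
        return "container"
    h = shannon_entropy(data)
    if h >= ENCRYPTED_THRESHOLD:
        return "encrypted"
    if h >= SUSPICIOUS_THRESHOLD:
        return "suspicious"
    return "plaintext"


def triage(files: dict) -> dict:
    """Map {name: bytes} to {name: label} for a batch of suspect files."""
    return {name: classify(data) for name, data in files.items()}


def _keystream(seed: bytes, length: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for AES-CBC ciphertext.

    Constructed stand-in only, so the example runs offline and repeatably;
    real ciphertext from correctly used AES-256-CBC is statistically similar.
    """
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(length // 32 + 1))
    return out[:length]


_TEXT = b"Quarterly report: revenue rose 4% while costs were flat.\n" * 80

# Constructed samples (hypothetical names; not files from any real incident).
SAMPLES = {
    "report.txt": _TEXT,
    "report.txt.locked": _keystream(b"sample-key", len(_TEXT)),
    "budget.docx": b"PK\x03\x04" + _keystream(b"deflate-body", 4000),
    # A single-byte XOR "locker" permutes byte values but leaves the
    # distribution, and so the entropy, unchanged: it is trivially recoverable.
    "xor_locked.txt": bytes(b ^ 0x5A for b in _TEXT),
}

if __name__ == "__main__":
    for name, label in triage(SAMPLES).items():
        print(f"{name:20s} {shannon_entropy(SAMPLES[name]):.3f} bits/byte -> {label}")
```

A file that reports as "encrypted" here and has lost its magic header is the case the paragraph above describes: without the key there is nothing to recover from the bytes themselves. A file that still reports as "plaintext" or keeps a recognizable header after "locking" is worth handing to a decryption-tool search before paying anyone.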

The Yourhope@airmail.cc Ransomware also creates a text-based ransom note that is mostly a copy-and-paste of previous Scarab-Bomber Ransomware messages. Besides adding new e-mail addresses, as its name indicates, the Yourhope@airmail.cc Ransomware also offers Pidgin instant messaging support for any victim willing to buy the file-unlocking solution. This choice of platform may be due to Pidgin's support for end-to-end encryption (through plugins such as OTR), which protects the content of the negotiation from interception, although encryption alone does not anonymize the threat actors. Other file-locker Trojans use Bitmessage for the same purpose.

Dashing a Criminal's Hopes of Ransom-Gathering

The Yourhope@airmail.cc Ransomware's only innovation of substance is the promotion of an alternate negotiating channel alongside the usual e-mail addresses. For users dealing with infected PCs and no backups, its default behavior, like that of the Scarab-Crypt000 Ransomware, the Scarab-Deep Ransomware, the Scarab-Rent Ransomware or the Scarab-XTBL Ransomware, is enough to lock files and pose an existential threat to your digital media. Because this family habitually wipes the Shadow Volume Copies, Windows System Restore points also may not be available for recovery.

The Yourhope@airmail.cc Ransomware campaign may be targeting exposed business servers, which are at risk from brute-force attacks that guess the administrator's login. Factory-default credentials, as well as simple passwords like 'user1234' or 'admin1,' are significant security risks that let remote attackers access the server and install file-locker Trojans; strong, unique passwords, account lockout and limiting which logins are reachable from the Internet close that door. Although most anti-malware programs should delete the Yourhope@airmail.cc Ransomware easily, AV products don't help with unlocking or decrypting the media.
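The two preceding paragraphs describe the stages a defender can still catch: the brute-forced administrator login that precedes installation, and the Shadow Volume Copy wipe that precedes encryption. The following is an added example for this article, not code from the page or from any vendor: it runs two detections over constructed Windows Security event records (IDs 4625 failed logon, 4624 logon and 4688 process creation, with fields invented here in a simplified shape), flags a source address that accumulates failed logons and then succeeds, and flags a command line that deletes shadow copies while ignoring the benign `vssadmin list shadows`. The addresses are documentation ranges, the timestamps are constructed, and the thresholds are assumptions; the pattern list goes slightly beyond the page by also covering `wmic shadowcopy delete` and `wbadmin delete catalog`, which are other common ways to destroy recovery data.

```python
"""Two detections for the pre-encryption stages described above.

Added example for this article; not code from the page or from any vendor.
The records mimic Windows Security events 4625 (failed logon), 4624 (logon)
and 4688 (process creation) but are constructed here, the IPs are
documentation ranges, and the thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command lines that destroy Shadow Volume Copies or the backup catalog
# (the vssadmin form is the one most ransomware families use).
SHADOW_WIPE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]


def ev(time, event_id, **fields):
    """Build one constructed event record."""
    return {"time": time, "id": event_id, **fields}


EVENTS = [
    # Constructed: an attacker at 203.0.113.7 guesses the administrator
    # password over a remote logon (six failures in under two minutes, then success),
    # then wipes the shadow copies before dropping the file-locker.
    ev("2018-10-17T02:14:01", 4625, src_ip="203.0.113.7", user="administrator"),
    ev("2018-10-17T02:14:09", 4625, src_ip="203.0.113.7", user="administrator"),
    ev("2018-10-17T02:14:20", 4625, src_ip="203.0.113.7", user="admin"),
    ev("2018-10-17T02:14:33", 4625, src_ip="203.0.113.7", user="administrator"),
    ev("2018-10-17T02:15:02", 4625, src_ip="203.0.113.7", user="administrator"),
    ev("2018-10-17T02:15:44", 4625, src_ip="203.0.113.7", user="administrator"),
    ev("2018-10-17T02:16:40", 4624, src_ip="203.0.113.7", user="administrator", logon_type=10),
    ev("2018-10-17T02:18:03", 4688, user="administrator", cmdline="vssadmin.exe list shadows"),
    ev("2018-10-17T02:18:11", 4688, user="administrator", cmdline="vssadmin.exe delete shadows /all /quiet"),
    # Constructed: a legitimate user mistypes a password twice; not an attack.
    ev("2018-10-17T08:30:12", 4625, src_ip="198.51.100.5", user="jsmith"),
    ev("2018-10-17T08:30:40", 4625, src_ip="198.51.100.5", user="jsmith"),
    ev("2018-10-17T08:31:05", 4624, src_ip="198.51.100.5", user="jsmith", logon_type=10),
]


def parse_time(s: str) -> datetime:
    return datetime.fromisoformat(s)


def failed_logon_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Sources with at least `threshold` 4625 events inside any `window`.

    Returns {src_ip: time of the first failure in the triggering window}.
    """
    per_src = defaultdict(list)
    for e in events:
        if e["id"] == 4625:
            per_src[e["src_ip"]].append(parse_time(e["time"]))
    hits = {}
    for ip, times in per_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = times[start]
                break
    return hits


def logons_after_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """(src_ip, user, time) for successful logons from a source already
    flagged by failed_logon_bursts: the brute force that actually worked."""
    bursts = failed_logon_bursts(events, threshold, window)
    return [
        (e["src_ip"], e["user"], e["time"])
        for e in events
        if e["id"] == 4624
        and e.get("src_ip") in bursts
        and parse_time(e["time"]) >= bursts[e["src_ip"]]
    ]


def shadow_copy_wipes(events):
    """4688 events whose command line matches a shadow-copy destruction pattern.
    'vssadmin list shadows' is benign administration and must not match."""
    return [
        e for e in events
        if e["id"] == 4688
        and any(p.search(e.get("cmdline", "")) for p in SHADOW_WIPE_PATTERNS)
    ]


if __name__ == "__main__":
    print("brute-force sources:", failed_logon_bursts(EVENTS))
    print("compromised logons:", logons_after_bruteforce(EVENTS))
    for e in shadow_copy_wipes(EVENTS):
        print("shadow wipe:", e["time"], e["user"], e["cmdline"])
```

The shadow-copy alert is the more urgent of the two: by the time it fires, the attacker already holds a valid login, and the file-locker usually runs seconds to minutes later, so it should page someone rather than wait in a daily report. The logon detector only reports a source once it has crossed the threshold, which keeps a user's two typos out of the queue while still catching the dictionary attack that the page warns about.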

The fact that the Yourhope@airmail.cc Ransomware's ransom template is receiving more than address updates shows that the Scarab Ransomware's authors and renters are actively working to make the Trojan more effective and profitable. More than ever, readers should remember that 'saving' a file should include keeping at least one copy somewhere that a locally installed threat cannot reach.
