Posted: October 17, 2018

Ransomware Description

The Ransomware is an update of the Scarab-Bomber Ransomware branch of the Scarab Ransomware family. These Russo-English Trojans are available to any third-party criminals who pay the 'rental' fee and, often, spread through brute-force attacks. Since no free decryption service is available, users should protect their media by backing it up to another device and have their anti-malware software remove the Ransomware as soon as it's identified.

The Bug is Back for Fall

The next version of the Scarab-Bomber Ransomware is launching attacks against English speakers with the help of an unknown, new threat actor. The Ransomware has only a few meaningful changes from the older versions of this branch of the RaaS family. However, the Ransomware does show that its authors continue to dedicate themselves to ransom negotiations via widely available, easily accessible channels.

AES-256 in CBC mode is the built-in encryption method for threats of the Ransomware's family, which locks files of formats including GIF pictures, Word documents, and other media. While some of the latest entries in the Scarab Ransomware group use an insecure or buggy implementation for locking these files, malware analysts can't confirm any similar issues with the Ransomware. Any content that it locks may remain in that unusable state indefinitely.

The Ransomware also creates a text-based ransom note, which is mostly a copy-and-paste of previous versions of the Scarab-Bomber Ransomware's messages. Besides adding new e-mail addresses, as per its name, the Ransomware also offers Pidgin instant messaging support for any victims willing to buy the file-unlocking solution. This specific choice of communication platform could be thanks to Pidgin's provisions for end-to-end encryption, which could provide additional anonymity to the threat actors. Other file-locker Trojans use Bitmessage for the same purpose.

Dashing a Criminal's Hopes of Ransom-Gathering

The Ransomware's only innovation of any substance is the promotion of an alternate negotiating channel, in addition to the typical e-mail addresses. For users dealing with infected PCs without backups, the Ransomware's default properties, like those of the Scarab-Crypt000 Ransomware, the Scarab-Deep Ransom, the Scarab-Rent Ransomware, or the Scarab-XTBL Ransomware, are sufficient for locking files and representing an existential danger to your digital media. Because of this family's preference for wiping the Shadow Volume Copies, the Windows Restore points also may not be available.
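Because this family's habit of wiping Shadow Volume Copies is one of the few observable actions that precede the actual file locking, a defender can watch process-creation logs for the commands that delete shadow copies or disable recovery. The following detector is an added example, not code from the original article or from any analysis of this Trojan; the pipe-separated log layout (timestamp|user|image|command line) and every log line in it are constructed for illustration and do not come from a real product's format.

```python
"""Flag shadow-copy and recovery tampering in process-creation logs.

Added example, not from the original article. The sample log lines are
constructed; the pipe-separated field layout is an assumption, not the
format of Sysmon, Windows Event 4688, or any other real product.
"""
import re
from typing import List

# Constructed sample of process-creation events (assumed layout:
# timestamp|user|image path|command line).
SAMPLE_LOG = """\
2018-10-17T02:14:03Z|SRV01\\Administrator|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir C:\\Users
2018-10-17T02:14:09Z|SRV01\\Administrator|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2018-10-17T02:14:10Z|SRV01\\Administrator|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2018-10-17T02:14:11Z|SRV01\\Administrator|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2018-10-17T02:14:12Z|SRV01\\Administrator|C:\\Windows\\System32\\wbadmin.exe|wbadmin delete catalog -quiet
2018-10-17T02:20:00Z|SRV01\\backupsvc|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe List Shadows
"""

# Each rule is a name plus a regex applied to the lower-cased, whitespace-
# collapsed command line. Listing shadows (a normal admin action) is not matched.
RULES = [
    ("vssadmin_delete_shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows")),
    ("wmic_shadowcopy_delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete")),
    ("bcdedit_disable_recovery", re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no")),
    ("wbadmin_delete_catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog")),
]


def parse_line(line: str) -> dict:
    """Split one constructed log line into its four fields."""
    ts, user, image, cmdline = line.split("|", 3)
    return {"timestamp": ts, "user": user, "image": image, "cmdline": cmdline}


def classify(cmdline: str) -> List[str]:
    """Return the names of every rule the command line matches."""
    normalized = " ".join(cmdline.lower().split())
    return [name for name, rx in RULES if rx.search(normalized)]


def scan(log_text: str) -> List[dict]:
    """Return the events that matched at least one rule, in log order."""
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        event = parse_line(raw)
        matched = classify(event["cmdline"])
        if matched:
            event["rules"] = matched
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["timestamp"], hit["user"], ",".join(hit["rules"]), "<-", hit["cmdline"])
```

Run against the constructed sample, the scan flags four of the six events and leaves the benign `vssadmin List Shadows` alone. In a real deployment the same rules would be fed from the endpoint's process-creation telemetry, and a match on an ordinary file server is a strong reason to isolate the host before the encryption phase finishes.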

The Ransomware campaign may be targeting vulnerable business servers, which could be at risk from brute-force attacks that compromise the administrator's login. Factory-default login combinations, as well as simple ones like 'user1234' or 'admin1,' are significant security risks that help remote attackers access your server and install file-locker Trojans. Although most anti-malware programs can delete the Ransomware easily, AV products don't provide any assistance with unlocking or decrypting media.
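The brute-force entry route described above leaves a recognizable trace: a burst of failed logons from one source, sometimes followed by a success from that same source once a weak credential is guessed. The detector below is an added example, not code from the original article; its event lines are constructed, and the `EventID=... Source=... User=...` layout is an assumption loosely modelled on Windows Security log fields (4625 failed logon, 4624 successful logon), not a real export format.

```python
"""Flag failed-logon bursts, and a success that follows one, per source.

Added example, not from the original article. Event lines are constructed;
the 'timestamp EventID=... Source=... User=...' layout is an assumption,
not the real Windows Security log export format.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import List

FAILED_LOGON = "4625"   # Windows Security event: an account failed to log on
SUCCESS_LOGON = "4624"  # Windows Security event: an account was successfully logged on

# Constructed, chronologically ordered sample events.
SAMPLE_EVENTS = [
    "2018-10-17T03:00:01Z EventID=4625 Source=203.0.113.5 User=administrator",
    "2018-10-17T03:00:02Z EventID=4625 Source=203.0.113.5 User=administrator",
    "2018-10-17T03:00:02Z EventID=4625 Source=198.51.100.7 User=jsmith",
    "2018-10-17T03:00:03Z EventID=4625 Source=203.0.113.5 User=administrator",
    "2018-10-17T03:00:04Z EventID=4625 Source=203.0.113.5 User=administrator",
    "2018-10-17T03:00:05Z EventID=4625 Source=203.0.113.5 User=administrator",
    "2018-10-17T03:00:06Z EventID=4625 Source=203.0.113.5 User=administrator",
    "2018-10-17T03:00:07Z EventID=4624 Source=10.0.0.12 User=jsmith",
    "2018-10-17T03:00:08Z EventID=4625 Source=198.51.100.7 User=jsmith",
    "2018-10-17T03:00:09Z EventID=4624 Source=203.0.113.5 User=administrator",
]


def parse_event(line: str) -> dict:
    """Turn one constructed line into a dict with a parsed timestamp."""
    ts_str, *fields = line.split()
    event = {"timestamp": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, value = field.split("=", 1)
        event[key] = value
    return event


def detect(lines: List[str], threshold: int = 5,
           window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Return alerts in order of occurrence.

    A 'burst' alert fires the first time a source reaches `threshold`
    failed logons inside a sliding `window`; a 'success_after_burst' alert
    fires for any successful logon from a source that was already flagged.
    """
    recent = defaultdict(deque)  # source -> timestamps of failures in window
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_event(line)
        src = ev["Source"]
        if ev["EventID"] == FAILED_LOGON:
            q = recent[src]
            q.append(ev["timestamp"])
            while q and ev["timestamp"] - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"type": "burst", "source": src,
                               "failures": len(q), "at": ev["timestamp"]})
        elif ev["EventID"] == SUCCESS_LOGON and src in flagged:
            alerts.append({"type": "success_after_burst", "source": src,
                           "user": ev["User"], "at": ev["timestamp"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["at"].isoformat(), alert["type"], alert["source"],
              alert.get("user", ""), alert.get("failures", ""))
```

On the constructed sample the source `203.0.113.5` trips the burst threshold on its fifth failure and then produces a `success_after_burst` alert for the `administrator` account; the two failures from `198.51.100.7` and the ordinary logon from `10.0.0.12` produce nothing. The second alert type is the one worth paging on, since it is the moment a weak or default credential has actually been guessed.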

The fact that the Ransomware's ransom template is getting more than address updates shows that the Scarab Ransomware's authors and renters are actively working to make the Trojan more effective and profitable. More than ever, readers should remember that 'saving' a file should include making sure that the only saved versions of it aren't all in danger from locally-installed threats.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.



Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
