Alilibat Ransomware
The Alilibat Ransomware is a file-locking Trojan that's a variant of the Scarab Ransomware, a Ransomware-as-a-Service business. Besides having its unique credentials and brand, the Alilibat Ransomware includes the usual, old features of its family, such as encrypting digital media, removing Windows backups, and creating text messages with its ransom demands.
The Trojan that Gives You Its Card with Its Crime
Although file-locking Trojans are anything but scarce, it's not every day that one will offer what's nearly the equivalent of a business card with its attacks. Such seems to be how the Alilibat Ransomware's campaign is running itself, although the underlying name of its threat actor could be an alias or deliberate misdirection. In either case, it's responsible for infections that block most of the media on infected PCs, thanks to the features of its Scarab Ransomware family.
The current estimates of malware analysts place the Alilibat Ransomware in the Scarab-Bomber Ransomware branch of that family, which carries both Russian and English ransom notes. The Trojans use AES-256 encryption in CBC mode for 'locking' files like documents or other media and follow the attack up by renaming filename extensions with Base64 encoding. However, they also add another extension, such as the Alilibat Ransomware's 'alilibat.'
The extension of the Alilibat Ransomware is a reference to part of its ransom note: the apparent name of its threat actor, which he includes in his e-mail address for negotiations. Since this choice leaves the criminal vulnerable to legal authorities oddly, 'Ali Mussafen Libat' is likely a pseudonym. The fact that the Alilibat Ransomware is delivering its demands in English provides another, and a hint on which parts of the world it's victimizing.
Cutting the Numbers of the Newest Breed of Bug
The Scarab Ransomware family, sometimes, includes language-filtering options, but users should be cautious about assuming that specific language settings will save them from a file-locking Trojan. The majority of Ransomware-as-a-Service threats will cover most parts of the world without respecting national boundaries opportunistically, and use indiscriminate infection methods like torrents and brute-forcing logins. Additionally and unfortunately, the Alilibat Ransomware's branch of its family doesn't have a free decryption option, although there are premium recovery services available.
The Alilibat Ransomware's Ransomware-as-a-Service group consists of numerous variants like the Zoro Ransomware, the Scarab-Bin Ransomware, the Scarab-Deep Ransomware, and the Scarab-Fuchsia Ransomware, all of which may use different ways of infecting your computer. When compensating for the inability of anticipating all angles of attacks, users can do the following:
- Keeping complex and customized logins will help against brute-force attacks.
- Backing up your media to cloud services or removable drives like USBs will give your files recovery options without a ransom.
- Avoiding contact with unsafe downloads like unofficial Flash updates or game cracks will reduce your PC's exposure to drive-by-download attacks.
High-grade anti-malware products are capable of removing most file-locker Trojans and should delete the Alilibat Ransomware appropriately as soon as they scan the relevant file.
A criminal that's confident enough to give his name in the act is a novelty, but bravado neither enhances nor degrades the Alilibat Ransomware's cryptographic capabilities. Ransomware-as-a-Service by any name is an unpleasant experience for the recipient, assuming they don't prepare data storage beforehand.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.