
Scarab-ARTEMY Ransomware

Posted: February 28, 2019

The Scarab-ARTEMY Ransomware is a file-locking Trojan from the Scarab Ransomware family, which divides its attacks between Russian and English-speaking victims. The Scarab-ARTEMY Ransomware can block your files automatically, including ones accessible over a local network, by encrypting them, and may wipe backups or create ransom-themed documents. Users should keep backups secured on other devices for their files' preservation and use dedicated anti-malware software for removing the Scarab-ARTEMY Ransomware appropriately.

A Screen Saver Does the Opposite of Saving

Distribution through a corrupted screen saver or SCR file is one of the Scarab Ransomware's distinctive, if not always consistent, traits, and a recent campaign is carrying that technique into a new series of attacks. The Scarab-ARTEMY Ransomware's fake screen saver is an executable whose date-based filename suggests that it tricks victims into running it in the belief that it is a document attached to an e-mail or instant message. The consequences are the same as those of other members of its family: the mass encryption of your media files.

Documents, images, compressed archives like ZIPs, and Microsoft Office content like Excel spreadsheets are among the formats the Scarab-ARTEMY Ransomware encrypts, which prevents the affected files from opening. The family uses AES-based encryption, and no public decryption service exists for reversing it without paying a fee. Malware experts also confirm that the Scarab-ARTEMY Ransomware overwrites each file's name with semi-random characters, in addition to the usual appending of a campaign-specific 'ARTEMY' extension.

The Scarab-ARTEMY Ransomware is part of the Russian half of its family, which most closely relates it to the Scarab-Skype Ransomware, the Scarab-Rent Ransomware and the Scarabey Ransomware. Others, like the English-language Scarab-Crash Ransomware, serve as contrasting counterparts campaigning elsewhere in the world. Users without the Russian Cyrillic alphabet available on their systems will see only gibberish characters in the Trojan's ransom note, a Notepad file that asks the user to negotiate at the threat actor's e-mail address.

The Etymology of Trojan Branding

The Scarab-ARTEMY Ransomware's label of choice, a variant of the name Artyom, may be capitalizing on the recent release of Metro Exodus, an Eastern European gaming franchise whose player character bears the same name. Whether or not this coincidence is of personal significance to the threat actor, he is likely distributing the Scarab-ARTEMY Ransomware through well-known methods, including spam e-mails or brute-forcing logins on vulnerable servers. Practicing safe password maintenance and taking appropriate precautions when interacting with e-mail attachments, especially ones with financial themes, is crucial.

The Scarab-ARTEMY Ransomware should be assumed capable of encrypting or deleting any local backups, especially the Shadow Volume Copies that Windows creates for its Restore Points. Backing up work to another device that it can't attack is the only definite way of keeping your media secure, since malware experts don't expect a compatible decryptor for the Scarab-ARTEMY Ransomware's family to appear in the public domain. Anti-malware tools can, however, block or remove the Scarab-ARTEMY Ransomware from your computer and preempt the payload.
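As an added defender-side example that is not part of the original article, the following Python script turns the three observable traits described above (a date-named SCR lure, a burst of files renamed to semi-random names with the 'ARTEMY' extension, and deletion of Shadow Volume Copies) into detection rules run over a constructed event log. The pipe-separated event format, the sample events and the use of vssadmin as the shadow-copy deletion command are assumptions; the article does not name the tool the Trojan uses.

```python
import re
from collections import Counter

# Constructed sample telemetry (not real captures): "<event>|<process>|<path or command line>".
SAMPLE_EVENTS = [
    "FileCreate|outlook.exe|C:\\Users\\ivan\\Downloads\\28.02.2019.scr",
    "ProcessCreate|explorer.exe|C:\\Users\\ivan\\Downloads\\28.02.2019.scr",
    "FileRename|28.02.2019.scr|C:\\Users\\ivan\\Documents\\Q3kZp9xLm2.ARTEMY",
    "FileRename|28.02.2019.scr|C:\\Users\\ivan\\Documents\\aB7dE1fG4h.ARTEMY",
    "FileRename|28.02.2019.scr|\\\\fileserver\\share\\Tz8Wq3Rn5v.ARTEMY",
    "ProcessCreate|28.02.2019.scr|vssadmin.exe Delete Shadows /All /Quiet",
    "FileCreate|winword.exe|C:\\Users\\ivan\\Documents\\budget.xlsx",
]

# A screen-saver executable whose name is a date (e.g. 28.02.2019.scr or 2019-02-28.scr).
DATE_SCR = re.compile(r"(?i)(\d{1,4}[.\-_]){2}\d{2,4}\.scr$")
# Semi-random replacement names: 8+ alphanumerics mixing letters and digits.
RANDOMISH = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,}$")
# Assumed shadow-copy deletion command; the article does not specify the mechanism.
SHADOW = re.compile(r"(?i)vssadmin(\.exe)?\s+delete\s+shadows")


def analyze(events, burst_threshold=3):
    """Return a list of (rule, process, detail) findings for the given event lines."""
    findings = []
    renames = Counter()  # ARTEMY renames per originating process
    for line in events:
        event, process, value = line.split("|", 2)
        name = value.rsplit("\\", 1)[-1]        # strip directory, keep file name
        stem, _, ext = name.rpartition(".")
        if event in ("FileCreate", "ProcessCreate") and DATE_SCR.search(name):
            findings.append(("date_named_scr", process, name))
        elif event == "FileRename" and ext.upper() == "ARTEMY" and RANDOMISH.match(stem):
            renames[process] += 1
        elif event == "ProcessCreate" and SHADOW.search(value):
            findings.append(("shadow_copy_deletion", process, value))
    # A single process renaming many files to the ARTEMY extension is the encryption burst.
    for process, count in renames.items():
        if count >= burst_threshold:
            findings.append(("artemy_rename_burst", process, f"{count} files"))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```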

Analyses of the Scarab-ARTEMY Ransomware began in late February, and the file-locking Trojan shows few signs of significant circulation before that time. However, the Scarab Ransomware's reach stretches back for years and may extend forward similarly, unless users start backing up their work appropriately.
