
Scarab-Bin2 Ransomware

Posted: July 25, 2018

The Scarab-Bin2 Ransomware is an update of the Scarab-Bin Ransomware version of the Scarab Ransomware family. These Ransomware-as-a-Service Trojans circulate through brute-force attacks against network login credentials and can block the PC's media files by encrypting them. Avoid the ransoming process that the Scarab-Bin2 Ransomware recommends, if possible, and use free alternatives for restoring any content while removing the Scarab-Bin2 Ransomware with an appropriate anti-malware product.

A Familiar Bug Crawls Out of the Bin Again

The Scarab Ransomware family's newest variant is, unusually, a minor edit of the preexisting Scarab-Bin Ransomware, instead of a Trojan using the same base of code with a different cosmetic brand for its attacks. While malware experts see no significant feature updates between the first Scarab-Bin Ransomware and the brand-new Scarab-Bin2 Ransomware, the Trojan's file-locking and ransoming features are just as complete as they were in the old attacks. Users not backing up their files are at risk of losing them permanently after this Trojan compromises their computers.

The Scarab-Bin2 Ransomware update remains specific to Windows environments, and its threat actors may be achieving the installations by running the Trojan's executable manually after brute-forcing their way past the login credentials. However, as with all RaaS or 'for-hire' Trojan operations, the introduction of new criminal administrators can result in unpredictable elements for the Scarab-Bin2 Ransomware's campaign, such as the abuse of e-mail spam attachments or torrents with fake names. Afterward, the Scarab-Bin2 Ransomware uses standardized, Registry-based exploits for launching and conducting its attacks against the PC's files.

Like the earlier Scarab-Bin Ransomware or other Scarab Ransomware derivatives, such as the Scarab-Deep Ransomware or the Scarab-Recovery Ransomware, the Scarab-Bin2 Ransomware uses AES ciphers for encrypting any work or media content, such as Word's DOC documents, Excel's XLS spreadsheets or JPG images. It also adds a different extension to their names: the '.bin2' string, which doesn't erase the first format tag and also includes a bracketed e-mail address for messaging the threat actor. This extension is the sole, concrete difference that malware experts are spotting between this Trojan and its earlier version. As with other Trojan-encrypted files, anything that the Scarab-Bin2 Ransomware locks with this attack becomes unreadable to the associated programs.
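
A defender-side triage sketch for the renaming pattern described above, added here as an example and not taken from the original article or any vendor tool: it inventories files that end in '.bin2' and carry a bracketed e-mail address, grouped by original file type. The position of the bracketed address (directly before '.bin2') and every sample file name and address are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile
from collections import Counter

SUFFIX = ".bin2"
# Assumption: the bracketed address sits directly before '.bin2'.
EMAIL_TAG = re.compile(r"\.?\[([^\[\]\s@]+@[^\[\]\s@]+)\]$")


def classify(name):
    """Return (original_name, contact) for a marked file name, else None."""
    if not name.lower().endswith(SUFFIX):
        return None
    stem = name[:-len(SUFFIX)]
    match = EMAIL_TAG.search(stem)
    if match is None:
        return None  # a bare '.bin2' file without the address is not counted
    return stem[:match.start()], match.group(1).lower()


def scan(root):
    """Walk root and inventory marked files by original type and contact."""
    hits, by_ext, contacts = [], Counter(), set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            result = classify(name)
            if result is None:
                continue
            original, contact = result
            hits.append(os.path.join(dirpath, name))
            by_ext[os.path.splitext(original)[1].lower() or "(none)"] += 1
            contacts.add(contact)
    return {"hits": sorted(hits), "by_ext": dict(by_ext),
            "contacts": sorted(contacts)}


def demo():
    """Scan a constructed tree; every file name below is made up."""
    names = ["report.doc.[help@example.com].bin2", "firmware.bin2", "notes.txt",
             "Budget.XLS.[help@example.com].BIN2",
             "photo.jpg.[other@example.org].bin2"]
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "docs")
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "w").close()
        report = scan(root)
    report["hits"] = [os.path.basename(path) for path in report["hits"]]
    return report


if __name__ == "__main__":
    print(demo())
```

The per-extension counts give a quick measure of which data needs restoring from backup, and the collected addresses can be recorded as indicators for the incident.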

Consigning a Cyber-Scarab Back to the Trash

Every version of the Scarab Ransomware, to date, uses ransoming messages, typically delivered through Notepad files, for selling its decryption services to victims. Although the decryptor could, theoretically, recover anything that the Scarab-Bin2 Ransomware locks, malware experts don't recommend paying, since the payment may use non-refundable currencies and the transaction includes other, inherent risks. The Scarab-Bin2 Ransomware has no changes in its ransoming message, relative to the Scarab-Bin Ransomware, except for the new addresses that indicate that additional threat actors are deploying the Trojan.

The Scarab-Bin2 Ransomware may erase your local backups or the Windows data that's intended for restoring damaged files. Since this risk is endemic to most file-locker Trojans, not just the Scarab-Bin2 Ransomware, all users should store at least one backup on another device for maximized security. Traditional anti-malware programs may delete the Scarab-Bin2 Ransomware without problems, but can't decrypt files. For data restoration without the above solution, the victims may wish to test the decryption options currently available to the public, such as the AV vendor Dr. Web's service.

Even without any exciting features or changes in the techniques in its payload, the Scarab-Bin2 Ransomware is more than adequate as a danger to the files that lack the protection and redundancy that all financially-valuable media should have. Until PC workers update their security habits, criminals can get by with lazy patches like the Scarab-Bin2 Ransomware.
