
Scarab-Bin Ransomware

Posted: July 12, 2018

The Scarab-Bin Ransomware is a member of the Scarab Ransomware's family of file-locking Trojans. Different threat actors deploy these Trojans for encrypting their victims' files and keeping them hostage as leverage for ransom payments, which may use difficult-to-refund methods like Bitcoin. Always uninstall the Scarab-Bin Ransomware or prevent its installation with suitable anti-malware products, and keep your backups in locations that are at little to no risk of compromise.

The Insects that Keep Crawling Back Up Your Files

The same business model that makes new file-locker Trojans fast to proliferate also makes them equally quick to identify once they're active in the wild. The mixed benefits and drawbacks of Ransomware-as-a-Service are particularly evident in the Scarab Ransomware family, which is only just launching another campaign with its Scarab-Bin Ransomware variant. The unique but minimalist ransoming message is a possible indication that its admin is unconnected with past file-locker Trojan campaigns and may have limited experience in this illicit industry.

However, the Scarab-Bin Ransomware's data encryption shows no changes from previous updates and variants of the same family, which range from the Scarab-Oneway Ransomware and the Scarab-Recovery Ransomware to the slightly older Scarab-Crypto Ransomware and the Scarab-XTBL Ransomware. All versions use an AES-based encryption attack that can target and block files of different formats throughout the PC, including Word documents, PDF documents, JPG, BMP, and GIF images, ZIP and RAR archives, and others. This encryption guarantees that the threat actor has leverage for his ransoming demands, which the Trojan delivers through an accompanying Notepad message in English.

The Scarab-Bin Ransomware is one of very few file-locker Trojans that use a 'real' extension, '.bin', for tagging each file that it locks. However, users can tell that these files aren't binaries because the name also gains inserted blank space and a bracketed address for a free German e-mail service. The admin is withholding any details on the cost of his decryption help for restoring the files, but malware experts, as a rule, warn against paying until after the victim attempts all alternative solutions.
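The naming pattern described above can help scope which directories were hit during incident triage. The script below is an added example, not code from the original article: the exact marker layout is an assumption, the names `classify`, `scan` and `SAMPLE_NAMES` are hypothetical, and the sample address is a constructed placeholder.

```python
import os
import re
import sys
from collections import Counter

# Assumed marker layout (the article gives no exact format): the name ends in
# ".bin", contains a bracketed e-mail address, and has whitespace touching it.
BRACKETED_ADDR = re.compile(r"\[([^\[\]\s@]+@[^\[\]\s@]+\.[A-Za-z]{2,})\]")

# Constructed sample names; the address is a placeholder, not a real indicator.
SAMPLE_NAMES = [
    "report.docx [operator@example.invalid].bin",  # whitespace before bracket
    "scan.pdf.[operator@example.invalid] .bin",    # whitespace after bracket
    "firmware.bin",                                # ordinary binary
    "notes [operator@example.invalid].txt",        # wrong extension
    "image[operator@example.invalid].bin",         # no whitespace
]


def classify(name):
    """Return the bracketed address if `name` carries the marker, else None."""
    stem, ext = os.path.splitext(name)
    if ext.lower() != ".bin":
        return None
    match = BRACKETED_ADDR.search(stem)
    if match is None:
        return None
    before, after = stem[:match.start()], stem[match.end():]
    # Require the blank space the article mentions, on either side.
    if not (before[-1:].isspace() or after[:1].isspace()):
        return None
    return match.group(1).lower()


def scan(root):
    """Walk `root`; return (hits per directory, hits per address)."""
    per_dir, per_addr = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            addr = classify(name)
            if addr is not None:
                per_dir[dirpath] += 1
                per_addr[addr] += 1
    return per_dir, per_addr


if __name__ == "__main__":
    per_dir, per_addr = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, count in per_dir.most_common():
        print(f"{count:6d}  {path}")
    print("addresses seen:", dict(per_addr))
```

Run it against a mounted copy of the affected volume rather than the live system, so the scan does not alter timestamps needed for later analysis.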

Putting a Pest Back in the Bin

Besides the symptoms noted above, the Scarab-Bin Ransomware may also securely delete backup content on the local drives, including the Windows Shadow Volume Copies. This data erasure is a risk that malware experts often note in both the Scarab Ransomware family and other file-locking Trojans in general. However, few threats of this classification can attack removable device-based storage or cloud backups.

Brute-forcing access to a PC by cracking 'easy' passwords, and then using RDP features for installing unwanted software, is a traditional infection vector for the Scarab-Bin Ransomware's family. However, Ransomware-as-a-Service rents its products out to third parties indiscriminately, and a disguised installer could hide inside an illicit torrent download, an e-mail attachment, or the JavaScript content of a compromised website. Anti-malware products can catch and delete the Scarab-Bin Ransomware in most infection attempts, and can uninstall it safely if it does succeed in infecting the PC.

The cost of buying the Scarab-Bin Ransomware's decryption application is unknown to malware experts and the rest of the cyber-security industry. Whether it's a handful of dollars or thousands, it's always a ripoff compared to just backing up your work diligently.
