Home Malware Programs Ransomware Scarab-Bitcoin Ransomware

Scarab-Bitcoin Ransomware

Posted: July 2, 2018

The Scarab-Bitcoin Ransomware is part of the Scarab Ransomware family of file-locking Trojans, which target both English and Russian speakers. Symptoms of the Scarab-Bitcoin Ransomware infections include being unable to open your 'locked' file especially, with their names overwritten by Base64-derived strings of semi-random characters. Let your anti-malware programs remove the Scarab-Bitcoin Ransomware safely from your computer and, if it's available, use a backup for recovering any inaccessible media.

Trojans that Say What They Want Upfront

The next version of the Ransomware-as-a-Service or RaaS family of the Scarab Ransomware is giving its victims very transparent ransoming demands that include the currency of preference in the names of the same files that it attacks. The Scarab-Bitcoin Ransomware's appearance in the wild dates to mid-June, but this family of file-locking Trojans has been operating since last year. Malware experts are, regrettably, confirming that the Scarab-Bitcoin Ransomware is not compatible with current decryption solutions.

The Scarab-Bitcoin Ransomware uses AES, one of the most traditional and quick-to-implement encryption methods, for locking a range of formats of data on Windows machines. Its attacks may block different text document types, spreadsheets, pictures, slideshows, archives, audio recordings or movies. While doing so, the Trojan also replaces their names with Base64-converted equivalents and adds '.bitcoin' extensions at the end. The extension use is unique to the Scarab-Bitcoin Ransomware, but most members of the Scarab Ransomware family use a similar name-overwriting technique.

The Scarab-Bitcoin Ransomware belongs to the English-targeted branch of its family and creates Notepad messages asking for Bitcoin ransoms for recovering your files. Malware experts are noting limited differences in the extortion instructions, relative to similar variants of the threat, such as the Scarab-Bomber Ransomware, the Scarab-Crypt000 Ransomware, the Scarab-Oblivion Ransomware or the old Scarab-Crypto Ransomware. Paying is, as always, not advisable for getting your files unlocked, since criminals suffer no penalties from ignoring any transaction obligations.

Distancing Your Files from a Cryptocurrency-Making Machine

RaaS Trojans like the Scarab-Bitcoin Ransomware's family take advantage of decentralizing their distribution structures and using third parties for compromising their victims at random. However, most file-locking Trojans have connections with security breaches through spam e-mails, including both attached downloads and body-embedded links, as well as RDP exploits and brute-force attacks. Users who monitor their network security, use conservative passwords, and avoid downloading files from suspicious sources without scanning them, first, are at a reduced risk of a Scarab-Bitcoin Ransomware infection.

The Scarab Ransomware family is under active development, and its authors modify the encryption-based features of the Trojan's payload periodically. The Scarab-Bitcoin Ransomware edition of this threat is not compatible with the decryption tools that are available to the public, so far. Malware experts strongly advise backing up your files to another device that's not vulnerable to attacks, and having active anti-malware products engaged in removing the Scarab-Bitcoin Ransomware automatically.

The progressive march of RaaS services is one that often results in bad news for anyone who's careless with their file storage solutions. Just because the Scarab-Bitcoin Ransomware is related to other Trojans whose attacks are curable doesn't imply the same chances for data restoration are available for it, as well.

Loading...