
Scarab-Bomber Ransomware

Posted: June 20, 2018

The Scarab-Bomber Ransomware is a variant of the Scarab Ransomware that encrypts the user's documents and media (rather than the operating system's own files) on the PCs it infects. This file-locking Trojan is circulating widely against Russian PC owners and appears to target business enterprises in order to maximize its ransom profits. Users should keep backups of their work to safeguard against these attacks, test free decryptors where one exists for the family, and have a dedicated anti-malware product quarantine or delete the Scarab-Bomber Ransomware.

Media Bombing Done under a Beetle's Name

Servers in the Russian business sector are under attack by a new version of the Scarab Ransomware, the Scarab-Bomber Ransomware, whose live deployment began in earnest in the fourth week of June. While the campaign is attacking specific entities in Russia, the data encryption routine itself will harm files on any PC regardless of language settings, IP address, or other identifiers associated with a geographical region. This variant of the file-locking Trojan family also includes an unusual addition: an installation process that disguises itself as a harmless software update or driver.

The initial setup routine creates LNK ('shortcut') files on the user's desktop with fake names referring to Microsoft software updates or Realtek audio drivers. Once opened, they launch the full installation of the Scarab-Bomber Ransomware, which includes Registry changes and other conventional persistence mechanisms that load the Trojan automatically. The payload is mostly similar to those of other Scarab Ransomware variants and uses AES encryption to lock Word documents, Excel spreadsheets, JPG or BMP pictures and other media.

The Scarab-Bomber Ransomware also drops a ransom note in Russian on the targeted PC, which gives a series of instructions for obtaining the decryptor that may unlock the files. The criminals still prefer Bitcoin as their payment option, since it lets them keep any payment without concern about refunds. Although malware experts don't encourage paying the ransom, the free 'sample' decryption that the threat actors offer could give a limited means of recovering a few files (three, per the note) without payment.

The Only Bomb Shelter that Suffices against Encryption Attacks

Although free, publicly available decryptors exist for many Scarab Ransomware variants, malware experts have yet to analyze the Scarab-Bomber Ransomware's encryption for any weaknesses. However, the Scarab-Bomber Ransomware and related threats, like the Scarab-XTBL Ransomware, the Scorpio Ransomware, or the Scarab-Osk Ransomware branch, are incapable of targeting most cloud services directly (though a sync client that mirrors local changes can upload the encrypted copies, so keep file versioning enabled). Removable devices and backup servers without vulnerable logins should also provide adequate restoration options for victims.

Threats that install themselves under the guise of software updates may be distributed through advertising networks, hacked or corrupted sites, or spam e-mails. As usual, most anti-malware products detect this version of the Scarab Ransomware without difficulty and should delete the Scarab-Bomber Ransomware before its encryption routine runs. Affected files are immediately recognizable by the Scarab-Bomber Ransomware's Base64 encoding of the original filename and the extra '.bomber' extension.
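The rename scheme described above (Base64-encoded original name plus '.bomber') is enough to both identify affected files and recover their original names from a directory listing, even before any decryptor exists. The following Python is an added example written for this page, not code from the malware or from any vendor. It assumes the encoding is plain Base64 of the original filename; because '/' is not a legal character in Windows filenames, the exact alphabet and padding the Trojan uses are unknown here, so the detector accepts both the standard and the URL-safe alphabets and tolerates missing '=' padding. The sample listing is constructed, not captured from an infection.

```python
"""Detect Scarab-Bomber-style renames (Base64 stem + '.bomber') and recover
the original filenames from a directory listing.

Added example for this page, not the malware's own code. Assumptions:
the stem is Base64 of the original name (standard or URL-safe alphabet,
padding optional); the original name is UTF-8 and carries an extension.
"""
import base64
import binascii
import re
from typing import Dict, Iterable, Optional

BOMBER_EXT = ".bomber"
# Base64 body in either alphabet ('+/' or '-_'), with up to two '=' pads.
_B64_RE = re.compile(r"^[A-Za-z0-9+/\-_]+={0,2}$")


def decode_bomber_name(filename: str) -> Optional[str]:
    """Return the original filename if `filename` looks like a Scarab-Bomber
    rename, otherwise None."""
    if not filename.lower().endswith(BOMBER_EXT):
        return None
    stem = filename[: -len(BOMBER_EXT)]
    if not stem or not _B64_RE.match(stem):
        return None
    # Normalise the URL-safe alphabet to standard Base64 and restore padding
    # (assumption: the Trojan may drop '=' or swap the alphabet).
    body = stem.replace("-", "+").replace("_", "/").rstrip("=")
    body += "=" * (-len(body) % 4)
    try:
        raw = base64.b64decode(body, validate=True)
        original = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # A recovered document name is printable text with an extension; anything
    # else is a coincidental Base64-looking stem, not a renamed file.
    if not original.isprintable() or "." not in original:
        return None
    return original


def scan_listing(filenames: Iterable[str]) -> Dict[str, str]:
    """Map every renamed file in a listing to its recovered original name."""
    hits: Dict[str, str] = {}
    for name in filenames:
        original = decode_bomber_name(name)
        if original is not None:
            hits[name] = original
    return hits


# Constructed sample listing (not from a real infection).
SAMPLE_LISTING = [
    base64.b64encode(b"Q3 report.docx").decode() + BOMBER_EXT,
    base64.b64encode(b"budget-2018.xlsx").decode() + BOMBER_EXT,
    base64.b64encode("отчёт.jpg".encode("utf-8")).decode() + BOMBER_EXT,
    "notes.txt",       # untouched file, no '.bomber' extension
    "random.bomber",   # Base64-looking stem that is not valid UTF-8
    "README.bomber",   # decodes to unprintable bytes, so not a rename
]

if __name__ == "__main__":
    for renamed, original in scan_listing(SAMPLE_LISTING).items():
        print(f"{renamed}  ->  {original}")
```

Running the block against a real folder is a matter of passing `os.listdir(path)` to `scan_listing`; the decoded names are useful for triage (which documents were hit) and for restoring the right files from backup once a decryptor or clean copy is available.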

Although this family is notable for its focus on Russian victims, samples of 'test' builds of the Scarab-Bomber Ransomware have also come from Spanish users. Whether that means the Scarab-Bomber Ransomware is headed for a global release as well, only time will tell.
