Scarab-Crypto Ransomware
The Scarab-Crypto Ransomware is a file-locker Trojan from the Amnesia Ransomware family. This Delphi-based threat prevents you from opening different types of media, such as documents, by encrypting them, before creating a text message asking for Bitcoins for its decryptor. Restore your files from backups or via other, free solutions, when possible, and protect your computer by having anti-malware products remove the Scarab-Crypto Ransomware immediately.
The Bug that's Nibbling on Your Files
The con artists are, once again, using the Amnesia Ransomware family's code for extorting money after damaging the files of their victims. Malware specialists have yet to determine whether the original threat actors remain active or if a third party is renting the Trojan's code with appropriate modifications for collecting ransoming money. The Trojan's use of AES cryptography is unchanged, as do its other features, such as the ransoming note generation.
Variants and clones of Amnesia Ransomware often circulate throughout eastern Europe, such as Russia and adjacent regions, although the Scarab-Crypto Ransomware, like most of its relatives, uses English messages. The Delphi-designed program encrypts your files automatically using a variant of an AES cipher for 'locking' them and stopping them from opening and also appends a new extension of '.crypto' onto their names. Users may or may not be capable of retrieving their lost files via the VSS or the Shadow Volume Copy, which is Windows' default backup solution.
The other features malware experts recommend expecting from the Scarab-Crypto Ransomware infections include:
- The Scarab-Crypto Ransomware creates Notepad files that it may place on the desktop or inside of the same folders as any encrypted data. These messages ask the user for Bitcoins and provide an e-mail address and other information associated with the ransoming process. Victims should remember that paying for the decryption software doesn't guarantee the con artists' delivering it.
- Recent members of the Scarab-Crypto Ransomware's family also delete the encrypted files after the passage of a set amount of time, such as six hours or one day. Threat actors employ this attack, which is the hallmark of the unaffiliated Jigsaw Ransomware family, for inciting fast payments.
A Simple Extermination for a New File Infestation
Although the Amnesia Ransomware is, primarily, a threat whose activity malware experts associate with the previous year, the Scarab-Crypto Ransomware is an indication that the con artists are finding their software competitive in the modern threat landscape. The Scarab-Crypto Ransomware is most likely of targeting Russian business entities, ones operating with poor network security protocols particularly. It may infiltrate your PC by exploiting e-mail attachments or browser-based threats, like the Nebula Exploit Kit.
The first Amnesia Ransomware is potentially compatible with free decryption programs for unlocking your documents, pictures and other media. However, this family also experiences periodic updates, including Amnesia 2 Ransomware, the Cryptoboss Ransomware, and the notable offshoot of the Scarab Ransomware campaign. Removing the Scarab-Crypto Ransomware, or similar threats, with anti-malware tools as soon as possible eliminates both the possibility of additional encryption or the deletion of your files occurring.
Malware experts don't know the amount of Bitcoins the Scarab-Crypto Ransomware's threat actors want for the fix to the data attacked. What's definite, however, is that keeping decent backup and network security standards always are cheaper than giving money to con artists.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.