Scarab-Deep Ransomware
The Scarab-Deep Ransomware is a part of the Scarab Ransomware family of file-locking Trojans. These threats use encryption for preventing media from opening, which can include documents, pictures, and other formats at the preference of the threat actor. Due to local backups being at risk of being deleted, you always should save backups to other devices for restoring any locked content, and keep anti-malware products for removing the Scarab-Deep Ransomware before it can attack.
The Scarab Ransomware Starts Jumping Off the Deep End
The Scarab Ransomware family, which is rented out to third parties under the Ransomware-as-a-Service or RaaS model, is getting another variant in apparent deployment as of the middle of July. The Scarab-Deep Ransomware uses a similar, encryption-based payload to that of its other family members, like the Scarab-Bin Ransomware, the Scarab-Recovery Ransomware or the Scarab-Leen Ransomware. However, its threat actor is hedging his bets by running an additional campaign from a separate family at the same time.
The Scarab-Deep Ransomware can lock files of different formats by using an encryption technique that's traditional to its family, such as an embedded AES algorithm. It adds '.deep' extensions into their filenames afterward, which provides a visual indication of what content is captive, and shows no other, initial symptoms while attacking the PC's media. The Scarab-Deep Ransomware and its relatives also include the Shadow Volume Copy-deleting feature that can endanger any local backups or system restore points, although malware experts note that any non-local backups (such as USB-based ones) should be intact.
Out of the Scarab-Deep Ransomware's copy-pasted ransom note, malware experts are finding the most stand-out detail its e-mail address for the negotiations. The same address has equally-recent ties to a the Dharma Ransomware (a branch of the Crysis Ransomware RaaS family) campaign. Threat actors deploying multiple file-locking Trojans of different families at the same time is a rare occurrence and may show that the Scarab-Deep Ransomware is profitable unreliably.
Separating Fake Windows Files from the Real Thing
The Scarab-Deep Ransomware is in circulation with the filename of 'msvcp_win.dll' and a matching set of forged signatures that pretend that the Trojan is a part of Microsoft's Windows OS. While its victims may encounter it through fake software updates, or similar infection vectors, malware analysts rate spam e-mails and RDP-based attacks as the most likely infection techniques for file-locker Trojans. The Scarab-Deep Ransomware's family has an extensive history for compromising business sector servers after brute-forcing their login credentials.
The creation of backups that the Scarab-Deep Ransomware can't delete is central to eliminating any data loss from its encryption, which free tools may or may not be capable of reversing. Disabling Word macros, updating vulnerable programs like Adobe's PDF Reader, using strong passwords, and scanning your downloads also can help protect your PC. Its victims can remove the Scarab-Deep Ransomware with any appropriate, Windows-based anti-malware product, and, then, recover their media through the latest backup.
The behavior of the Scarab-Deep Ransomware's threat actor could be either a positive or a negative sign. Although the Scarab-Deep Ransomware may not have its admin's full trust for locking files, with twice as many Trojans at work, twice as much media could suffer from encrypting.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.