
Scarab-Enter Ransomware

Posted: November 22, 2018

The Scarab-Enter Ransomware is a file-locking Trojan and a member of the Scarab Ransomware family. Threat actors may drop it onto your PC after compromising your network's login or firewall, or after tricking you into interacting with a corrupted e-mail, after which it can block media on your computer. Anti-malware solutions should delete the Scarab-Enter Ransomware safely at any point, but backups may be the only way of recovering your files.

A New Bug Enters the Fray

Victims of data-based extortion attacks are uploading samples of a new version of the Scarab Ransomware, a family of file-locking Trojans whose origins and preferred victims both center on the former Soviet Union. Malware experts have yet to confirm which branch of this large family the Scarab-Enter Ransomware belongs to; it may be targeting particular Eurasian business networks or attacking the rest of the world's vulnerable servers opportunistically. The version its code is based on, such as the Scarab-Osk Ransomware, the Scarab-Bomber Ransomware, the Scarab-Glutton Ransomware or the Scarab-XTBL Ransomware, may make the difference in how retrievable the user's files end up being.

These file-locker Trojans use 256-bit AES encryption to lock users out of their media, which includes various formats of documents, pictures, archives, databases, spreadsheets, music and videos. Each Trojan appends a different, custom extension to these files to give its campaign a 'brand' label, which, in the Scarab-Enter Ransomware's case, is the '.Enter' extension. While the filename edits are nothing more than cosmetic, the data encryption prevents compatible software from interpreting the files.

The Scarab-Enter Ransomware creates a Notepad file containing simple ransoming instructions for victims, which provide both e-mail and BitMessage-based negotiating channels. Since malware experts long ago verified the Scarab-Enter Ransomware's family as being Ransomware-as-a-Service-based, the threat actors' reliability is variable, and they may take any ransom they ask for without helping the victim with the decryption process. At this time, only one anti-malware vendor is offering decryption services for Scarab Ransomware variants, and recovery isn't guaranteed.

Cheaply Mitigating a Network Infestation Problem

The Scarab-Enter Ransomware is part of a family with a known history of targeting business networks through Remote Desktop and brute-force attacks. Network admins may be leaving their servers at risk by using factory-standard (or easily guessable) login combinations, by leaving ports open needlessly or by letting their Remote Desktop settings stay open to outside interference. Remote attackers can be blocked by using appropriately sophisticated passwords, keeping ports closed and RDP features disabled, and avoiding contact with e-mail spam, which targets business employees with corrupted attachments or links.

Public, non-ransom-based decryption solutions for the Scarab Ransomware's variants are unreliable. Malware experts also find that nearly all versions of the family, including the Scarab-Enter Ransomware, are capable of both wiping the Windows backups and targeting network-accessible drives. Save your backups to secure, separate devices to give yourself recovery options for any encrypted media. Most anti-malware products should also delete the Scarab-Enter Ransomware outright.

Windows users will need to save themselves before the business that the Scarab-Enter Ransomware belongs to will start seeing less of a profit. Choosing between paying a ransom and making a backup should be an easy decision, but too many victims are taking too much time making up their minds.
