Scarab-Glutton Ransomware

The Scarab-Glutton Ransomware is a minor variant of the Scarab-Bomber Ransomware, a file-locking Trojan that encrypts your media. At first, this threat targeted Russian speakers, although the new release issues its ransoming demands in English, instead. The encryption process is not always reversible, and most users should keep secure backups of all their files, along with having anti-malware programs available for deleting the Scarab-Glutton Ransomware by default.

The Gluttony of a Trojan for Your Files

The RaaS or service-based family of the Scarab Ransomware is noteworthy for its frequent abuse in attacking Russian speakers, as can be seen with individual variants like the Scarab-Rent Ransomware, Scarab-Ukrain Ransomware, Scarab-Oneway Ransomware and Scarab-Bomber Ransomware. However, English ransom messages also are periodic components of these Trojans' payloads, as malware experts confirm, again, with a variant of the latter: the Scarab-Glutton Ransomware.

The Scarab-Glutton Ransomware, an update of the Scarab-Bomber Ransomware, includes both an update to the file-locker Trojan's ransoming message (which it delivers, as always, in a Notepad TXT file), as well as a new filename extension that it appends to all of the encrypted media. Instead of translating the first, Russian message, the threat actor is using an English-language template that malware experts sometimes see with other versions of the Scarab Ransomware family. While victims should remain suspicious of entering into any ransoming negotiations,

Malware experts are finding no updates to the encryption routine, which non-consensually blocks files until the victim pays the ransom. The Scarab-Glutton Ransomware also may wipe any Shadow Volume Copies (or Windows default backups). Additionally, since most versions of its family utilize some degree of network security-breaching techniques, users should be aware of the chance of the Scarab-Glutton Ransomware targeting any accessible files over local network connections. Documents, pictures, and other, recreational or workplace media are the primary targets.

Putting the Scarab-Glutton Ransomware's Campaign on a Diet

Paying a file-locking Trojan's ransom is a gamble that, often, doesn't pay off for the buyer, who can end up purchasing a malfunctioning or even nonexistent decryption service. However, malware experts can recommend seeking help from interested specialists in the cyber-security industry, since some versions of the Scarab-Glutton Ransomware's family use a non-secure encryption method. Some victims may find additional use out of the free 'sample' of the decryptor that the Scarab-Glutton Ransomware's threat actors are offering.

The use of brute-force and RDP-based attacks for dropping members of the Scarab Ransomware's family is consistent throughout various campaigns, even those under the management of different criminals. Guard your network security credentials appropriately and monitor e-mail messages for any attempts at compromising your PC via corrupted attachments. Many anti-malware programs can delete the Scarab-Glutton Ransomware automatically, but any encrypted files aren't always curable.

The fact that the Scarab-Glutton Ransomware is changing up its language options makes it clear that the Scarab Ransomware isn't just for Ukrainians or Russians, it also is an equally pertinent danger to PC users around the world. Where you inhabit and whether or not you back up your files should, hopefully, have little direct correlation with one another.