
Scarab-Horsia Ransomware

Posted: May 8, 2018

The Scarab-Horsia Ransomware is part of the Scarab Ransomware family of file-locking Trojans, which often install themselves through spam e-mails or brute-force attacks against networks. The Scarab-Horsia Ransomware and other members of its group can encrypt various formats of data, such as documents, and then create ransom images and messages. Have your anti-malware programs uninstall the Scarab-Horsia Ransomware from the infected PCs and restore any media through a backup.

Horses Riding in to Ruin Your Computer's Day

Even though malware researchers have been taking note of some of the Scarab Ransomware's most notorious attacks since 2017, this Trojan family isn't done extracting money from its victims yet. A new version of the file-locker Trojan, the Scarab-Horsia Ransomware, has been verified to deploy all of the same attacks, but under a new, horse-based brand. While its appearance differs from earlier versions, the Scarab-Horsia Ransomware is just as much of a hazard to the files of any Windows computer as the other members of the Scarab Ransomware collective.

The Scarab-Horsia Ransomware uses AES-based encryption to lock Word documents, JPG or GIF pictures, and other media not associated with the running of the operating system. Although the Scarab-Horsia Ransomware doesn't modify the names of these files, it does append new extensions to them that display its custom e-mail address.
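Because the original name is kept and an extension containing an e-mail address is appended, affected files can be enumerated from a plain file listing during cleanup. The following is an added example, not part of the original article: it flags such names and checks the recovered original paths against a backup listing. The extension list, the placeholder address `contact@example.invalid`, and the function names are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: media types to check; the article names Word documents, JPG and GIF.
MEDIA_EXTS = ("doc", "docx", "jpg", "jpeg", "gif")

# Original name kept intact, then an appended extension that embeds an e-mail address.
LOCKED_RE = re.compile(
    r"^(?P<original>.+\.(?:%s))\.(?P<appended>.*?"
    r"(?P<email>[\w.+-]+@[\w-]+(?:\.[\w-]+)+).*)$" % "|".join(MEDIA_EXTS),
    re.IGNORECASE,
)

def triage(paths):
    """Group suspected locked files by the e-mail address in the appended extension.

    Returns {email: [(locked_path, original_path), ...]}.
    """
    hits = defaultdict(list)
    for raw in paths:
        p = PureWindowsPath(raw)
        m = LOCKED_RE.match(p.name)
        if m:
            original = str(p.with_name(m.group("original")))
            hits[m.group("email").lower()].append((raw, original))
    return dict(hits)

def restore_plan(hits, backup_paths):
    """Split recovered original paths into (present in backup, missing from backup)."""
    backed = {b.lower() for b in backup_paths}  # Windows paths are case-insensitive
    found, missing = [], []
    for entries in hits.values():
        for _locked, original in entries:
            (found if original.lower() in backed else missing).append(original)
    return sorted(found), sorted(missing)

# Constructed sample listing; the address is a placeholder, not a real indicator.
SAMPLE_LISTING = [
    r"C:\Users\ana\Documents\budget.docx.contact@example.invalid",
    r"C:\Users\ana\Pictures\trip.JPG.contact@example.invalid",
    r"C:\Users\ana\Pictures\logo.gif",                      # untouched file
    r"C:\Users\ana\Documents\mail-to-bob@example.org.doc",  # e-mail in name, nothing appended
    r"C:\Users\ana\Documents\old.doc.bak",                  # appended, but no e-mail
]
SAMPLE_BACKUP = [r"C:\Users\ana\Documents\budget.docx"]

if __name__ == "__main__":
    print(restore_plan(triage(SAMPLE_LISTING), SAMPLE_BACKUP))
```

Files reported as missing from the backup are the ones worth raising with a researcher for a recoverability check.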

The peripheral features of the Scarab-Horsia Ransomware's payload both concern its ransom communications. Malware experts can confirm the following two:

  • The Scarab-Horsia Ransomware swaps out the user's desktop wallpaper for one of its choosing, which displays a generic encryption warning, an image of the infamous Anonymous mascot riding a horse or donkey, and, again, the e-mail address.
  • Only the Scarab-Horsia Ransomware's dropped Notepad text message gives any more details: a personal identification string, offers of free decryption (as a 'sample' for up to three files), and a request for a non-specific amount of Bitcoins. Any victims are asked to contact the threat actor at his e-mail address to pay the cryptocurrency ransom and, potentially, buy a decryption service.

Reining in the Excesses of a Well-Known Bug

The campaigns of various re-releases of the Scarab Ransomware, such as the Scarabey Ransomware, the Scarab-XTBL Ransomware or the Scarab-Oblivion Ransomware, all use different ways of compromising new victims. Malware experts especially stress the importance of networks protecting themselves from brute-force attacks, which take advantage of unsafe username and password combinations to gain access to servers, after which the attackers may use RDP exploits to install the Trojan. Many attacks from the Scarab-Horsia Ransomware's family also employ misleading e-mail messages and corrupted file attachments.

Not every version of the Scarab Ransomware has perfect protection from the free decryption resources available to the cyber-security industry. Victims without other options may contact a trusted anti-malware researcher with experience against file-locking Trojans to determine whether the Scarab-Horsia Ransomware's locked files are recoverable. Non-local, secure backups are still recommended for most purposes, and anti-malware programs of most brands should eliminate the Scarab-Horsia Ransomware automatically.

The Scarab-Horsia Ransomware is a mostly cosmetic face-lift to a family of Trojans that need few changes to extort money from unprepared PC users. Those who dislike the idea of paying Bitcoins to get their digital belongings back should be in the habit of updating their spare backups as often as possible.
