
Scarab-Horsuke Ransomware

Posted: May 18, 2018

The Scarab-Horsuke Ransomware is a threat that uses AES encryption to keep your files from opening. Its attacks target documents and other media of prominent formats in both recreational and workplace system environments. Because there is no working freeware decryptor, users without backups may be unable to access the affected files indefinitely. Traditional anti-malware solutions should remove the Scarab-Horsuke Ransomware immediately and prevent the damage associated with an infection.

A Not-So-Noble Steed Comes Back for More

Less than a month after its identification, the file-locking Trojan with the semi-whimsical mascot, Scarab-Horsia Ransomware, is experiencing an update that swaps out some of its ransoming details without changing much of its identifying set of features. Whether the Scarab-Horsuke Ransomware owes its existence to the same criminals requiring new communication and ransom-collecting accounts or is the work of a different threat actor is still a subject of investigation.

The Scarab-Horsuke Ransomware's family targets media formats in widespread use among PC users, both casually and in the workplace, such as Word documents, JPG pictures and others. While the immediately visible impact of its attack is the appending of a new '.HORSE' extension to their names, the Scarab-Horsuke Ransomware also locks the files through AES encryption. The encryption method that the Scarab-Horsuke Ransomware uses, like that of most members of the Scarab Ransomware's family, is secure from casual decryption efforts by third parties, which leaves the threat actor as the most unambiguous source of a data-unlocking solution.

Accordingly, the Scarab-Horsuke Ransomware solicits Bitcoin ransoms for its decryption service by changing the user's desktop to a ransom note featuring the Anonymous mascot riding a donkey or horse, along with creating a text file with detailed instructions. Using cryptocurrency in this fashion is a strategic preference that malware experts note as being endemic to the file-locking Trojan industry, thanks to the limited refunding possibilities available to any victims.

Bringing a Trojan's Ride to an Ignoble Stop

E-mail and Remote Desktop exploits are two of the most archetypal strategies cybercriminals use for installing file-locking threats, particularly ones of the Scarab Ransomware family. The Scarab-Horsuke Ransomware and related Trojans, like the Scarab-XTBL Ransomware or the Scorpio Ransomware, launch their attacks without any symptoms until the encryption routine finishes. Any PC users with files valuable enough to pay a ransom for should consider prevention-based restoration options, such as backing up their media to another device.
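For planning a restore from backup, the added example below (not code from this article or from any vendor tool) inventories files carrying the '.HORSE' extension described above, recovers the name each file had before the extension was appended, and reports the modification-time window. It assumes the original file name is preserved in front of the marker and that modification times approximate when the files were locked; function names are illustrative.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER = ".horse"  # extension named in the article; compared case-insensitively


def inventory(root, marker=MARKER):
    """Walk root and return one record per file whose name ends with the marker."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Skip unaffected files and a file whose whole name is the marker.
            if not name.lower().endswith(marker) or len(name) == len(marker):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # unreadable or vanished file: keep scanning
            original = name[: -len(marker)]  # assumption: marker was appended
            ext = os.path.splitext(original)[1].lower() or "(none)"
            records.append({"path": path, "original_name": original,
                            "original_ext": ext, "mtime": st.st_mtime,
                            "size": st.st_size})
    return records


def _iso(ts):
    return datetime.fromtimestamp(ts, timezone.utc).isoformat()


def summarize(records):
    """Count affected files per original type and bound the time window."""
    if not records:
        return {"count": 0, "by_ext": {}, "first": None, "last": None}
    times = [r["mtime"] for r in records]
    return {"count": len(records),
            "by_ext": dict(Counter(r["original_ext"] for r in records)),
            "first": _iso(min(times)),   # earliest modified affected file
            "last": _iso(max(times))}    # latest modified affected file


if __name__ == "__main__":
    import sys
    recs = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(summarize(recs))
    for r in sorted(recs, key=lambda r: r["mtime"]):
        print(r["path"], "->", r["original_name"])
```

The earliest timestamp in the summary helps pick a backup snapshot taken before the files were locked; run the script read-only against a mounted copy of the disk where possible.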

Although the Scarab-Horsuke Ransomware differs little from the other new variant of the Scarab Ransomware's family, it is capable of locking files permanently. Developing a decryption solution through appropriate cryptography experts in the cybersecurity industry may or may not be possible, although malware experts encourage contacting appropriate entities in the industry for help instead of paying a Bitcoin ransom. Any high-quality anti-malware programs should detect and delete the Scarab-Horsuke Ransomware, the Scarab-Horsia Ransomware, and other file-locking Trojans by default.

The Scarab-Horsuke Ransomware is a complementary 'second coming' of a Trojan with almost nothing new to show for its payload, except for renewing its threat actors' historical records of persistence. Whether you're paying attention to your backup schedule or not, the cybercriminals are working hard to make the most of any lapses in data storage, with direct harm to your finances and files, as a result.
