Home Malware Programs Ransomware Scarab-Rebus Ransomware

Scarab-Rebus Ransomware

Posted: May 31, 2018

The Scarab-Rebus Ransomware is part of the Scarab Ransomware family of file-locking Trojans. These threats may lock your files by converting them into encrypted formats, as well as changing their names and displaying messages requesting Bitcoins for a data recovery solution. Have an anti-malware program remove the Scarab-Rebus Ransomware after any detection immediately and keep regular backups for saving your data from similar attacks.

More Eggs from a Nest of File-Snatching Beetles

Threat databases in the cyber-security industry are detecting more updates of the Scarab Ransomware family: a group of Trojans using the AES encryption for data hostage-taking campaigns. The Scarab-Rebus Ransomware, one of the newest samples malware experts are examining, is likely of being a split-off of the family's Scarab-Walker Ransomware branch similar to the Scarab-Osk Ransomware. At this time, only cosmetic differences are verifiable in the new file-locker Trojan's payload.

The Scarab-Rebus Ransomware attacks digital media on the basis of their formats, with Word documents, Excel spreadsheets, Adobe PDFs, and images (JPG, BMP, GIF, etc.) being traditional examples of the content at risk. Besides encrypting their internal data with an AES-based algorithm for keeping them from opening, the Scarab-Rebus Ransomware also converts their names into Base64 equivalents, making them resemble random characters. Another feature of this family is the extension the Trojan adds, which, in the Scarab-Rebus Ransomware's case, consists of the '.REBUS' string.

After blocking these files, the Scarab-Rebus Ransomware creates a minor variation of the Scarab-Walker Ransomware's ransoming message, which uses slightly different payment details and the ASCII art. Malware researchers discourage paying the Bitcoin ransoms that the Scarab-Rebus Ransomware and other Scarab Ransomware variants demand, which correlate poorly to the successful decryption and unlocking of the victim's files.

Keeping the Online Beetle Population to a Minimum

The Scarab-Rebus Ransomware's campaign may use spam e-mails, bundling with in-demand torrents, or brute force attacks against business, government, or NGO networks for gaining the initial access to a vulnerable computer. Besides being Windows-specific, the Scarab-Rebus Ransomware has limited compatibility restrictions and targets data types that are in extensive use around the world explicitly. Using traditional, well-maintained security software and avoiding bad habits like using easily-broken passwords can keep most PCs safe from both this Trojan and other versions of the Scarab Ransomware.

No free decryption software is available for the latest members of this family. Although users may quarantine samples of the Scarab-Rebus Ransomware for future analysis by the anti-malware industry, malware experts encourage heavily using backups saved to secure, non-local drives for preserving any irreplaceable or financially-valuable files. PCs with adequate anti-malware protection also should identify and remove the Scarab-Rebus Ransomware before it starts encrypting any media.

The Scarab-Rebus Ransomware is one of an ever-increasing line of file-locker Trojans using attacks that are easier for preventing than undoing the consequences of, alongside the Scarab-Osk Ransomware, the Scarab-Walker Ransomware, the Scarab-Horsia Ransomware, the Scorpio Ransomware and other members of the Scarab Ransomware's family. Whatever the cost of backup services might be for your PC, they are less expensive than paying Bitcoin ransoms almost always.

Loading...