
Scarab-Recovery Ransomware

Posted: July 12, 2018

The Scarab-Recovery Ransomware is part of the Scarab Ransomware family of file-locker Trojans, which encrypt different formats of media and prevent them from opening. Besides locking documents, images, archives or other content, the Scarab-Recovery Ransomware may also create ransom messages in text format or erase your system backup data. Let your anti-malware solutions remove the Scarab-Recovery Ransomware or block its installation, and keep backups available for resolving any negative impact on your media.

A Well-Known Computer Bug Gets Another Boost

The boom in the Ransomware-as-a-Service industry shows no inclination to slow down, with large Trojan families like the STOP Ransomware, the Globe Ransomware, and the uniquely Russian-English hybrid of Scarab Ransomware all maintaining apparent profitability. A new member of that last sub-group, the Scarab-Recovery Ransomware, is also showing potential ties to the same threat actors who manage the noted copycat of the Globe Imposter Ransomware. Its differences from other family members, while small, show how different criminals' preferences affect their implementation of crimes like extortion.

The Scarab-Recovery Ransomware is part of the English-based side of the Scarab Ransomware collective and drops components solely in that language. The Scarab-Recovery Ransomware uses the same AES-based encryption method for locking files as other members of its family, such as the Scarab-Bin Ransomware, the Scarab-Oneway Ransomware, the Scarab-Osk Ransomware, and the partial Hidden Tear hybrid of the Scarab-XTBL Ransomware. Unlike most members of the Scarab Ransomware family, however, the Scarab-Recovery Ransomware refrains from overwriting or converting the filenames, although it still adds an extension ('.Recovery').

The TXT note of the Scarab-Recovery Ransomware also uses a stock format that supplies victims with identification numbers and e-mail addresses for negotiating over the decryption service. While malware experts can't verify the compatibility of the Scarab-Recovery Ransomware with the latest Scarab Ransomware decryption tools, users should always test freeware solutions before taking any risks with paying criminals for their help.

The File Recovery that's Affordable to Anyone

Many file-locker Trojans use one of two methods for distributing themselves: spam e-mails and brute-force attacks. The latter technique is traditional to the Scarab-Recovery Ransomware's family and lets criminals lock files on business-owned servers after compromising their login credentials. However, malware experts also observe installation attempts for threats of the Scarab-Recovery Ransomware's classification using fake AAA gaming cracks or mods, along with forgeries of invoices, news articles and malvertising (corrupted advertising).

Like most members of its family, the Scarab-Recovery Ransomware may also erase the Shadow Volume Copies or backups that are accessible from the infected PC. Since this risk is endemic to file-locking Trojans of most origins, malware experts recommend that you store your backups on another device entirely, such as a DVD, USB or cloud server. Anti-malware products of most brands are also capable of uninstalling the Scarab-Recovery Ransomware and should quarantine the threat before any of its attacks run.
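Because this variant leaves the original filename intact and only appends '.Recovery', a responder can map each locked file back to its original path and check it against an off-device backup. The following is an added example, not code from this page or from any vendor tool; the function names, the sample tree and the assumption that the backup mirrors the live folder layout are all hypothetical.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".Recovery"  # extension the page says is appended to locked files

def original_name(name):
    """Return the pre-infection filename, or None if `name` is not a locked file."""
    if not name.lower().endswith(LOCKED_SUFFIX.lower()):
        return None
    return name[: -len(LOCKED_SUFFIX)] or None  # bare ".Recovery" has no original

def inventory(root, backup_root):
    """List locked files under `root` and whether `backup_root` holds the original."""
    root, backup_root = Path(root), Path(backup_root)
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            rel = (Path(dirpath) / orig).relative_to(root)
            records.append({"locked": (Path(dirpath) / name).relative_to(root).as_posix(),
                            "original": rel.as_posix(),
                            "in_backup": (backup_root / rel).is_file()})
    return sorted(records, key=lambda r: r["original"])

def summarize(records):
    """Count locked files per original extension, split by backup coverage."""
    covered, missing = Counter(), Counter()
    for r in records:
        ext = Path(r["original"]).suffix.lower() or "(none)"
        (covered if r["in_backup"] else missing)[ext] += 1
    return dict(covered), dict(missing)

def demo():
    """Run against a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, bak = Path(tmp, "live"), Path(tmp, "backup")
        for rel in ("docs/report.docx.Recovery", "docs/budget.xlsx.recovery",
                    "pics/cat.jpg.Recovery", "docs/notes.txt"):
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            (live / rel).write_bytes(b"constructed")
        (bak / "docs").mkdir(parents=True)
        (bak / "docs/report.docx").write_bytes(b"constructed")
        return inventory(live, bak)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Files reported with `in_backup` set to False are the ones whose recovery depends on a working decryption tool, so they are the ones to preserve untouched.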

The stylistic choices in its ransom notes and filename edits may set the Scarab-Recovery Ransomware apart from other Scarab Ransomware variants, but don't reduce its file-locking features. Until this family stops being a high-traffic threat, no one should consider their work safe without a good backup.
