
Scarab-XTBL Ransomware

Posted: April 19, 2018

The Scarab-XTBL Ransomware is a Trojan that uses components based on the Scarab Ransomware and Hidden Tear for locking your files and demanding money for restoring them. Any users with data requiring recovery should consult a trustworthy member of the cyber-security community for help with free decryption and ignore the Trojan's accompanying ransom notes. Most anti-malware products are accurate at detecting and removing the Scarab-XTBL Ransomware automatically, which is the recommended protocol for protecting your PC and its files.

A Mutant Trojan with Commonplace Motivations

Malware researchers are finding new versions of Hidden Tear in April, but this variant is unusually liberal in borrowing its components and symptoms, including its attacks and aesthetics, from other threats. The Scarab-XTBL Ransomware operates similarly to the CrY-TrOwX Ransomware, the Rastakhiz Ransomware, the Facebook-exploiting Nulltica Ransomware, the Ultimo Ransomware, and other HT variants: it automatically locks your files using an AES encryption routine and then creates text messages telling users that they should pay for restoring them. However, the Scarab-XTBL Ransomware also includes many details hearkening back to other types of file-locker Trojans.

Firstly, the Scarab-XTBL Ransomware adds the '.xtbl' extension to everything it locks, which is a hallmark of the Troldesh Ransomware campaign of 2015. It also drops text messages using mostly recycled content, such as claims of 'security problems' with the infected PC that are very similar to the warnings of the BlackJockerCrypter Ransomware and the Scarab Ransomware. These text messages solicit Bitcoin payments for decrypting and, thereby, unlocking your media, although malware experts advise against paying.

Like most versions of Hidden Tear, the Scarab-XTBL Ransomware is specific to Windows, with some indicators that its threat actors may be targeting users of Windows 98. However, the Scarab-XTBL Ransomware's data-locking payload is no less effective against the users of modern OSes like Windows 10. Documents, pictures, archives, and audio all exemplify the formats of media that this threat holds hostage by default.

Keeping a Fusion of Bugs from Burrowing Through Your Files

The Scarab-XTBL Ransomware's samples show clear indicators of imitating free software and in-demand premium programs, such as RonyaSoft label makers. Victims are most likely to compromise their PCs by downloading the Scarab-XTBL Ransomware's misnamed executable from a torrenting network or another, equally non-secure resource. Downloading these programs directly from the appropriate company or organization website can keep you from installing 'software' like the Scarab-XTBL Ransomware with a name that doesn't match its functionality.

In the process of installing itself, the Scarab-XTBL Ransomware registers a Mutex and makes other changes to the Windows Registry, along with dropping files with intentionally obfuscating names. Users should avoid removing this threat manually, although the manual restoration of backups may be mandatory for guaranteeing a perfect data recovery. Most anti-malware products should remove the Scarab-XTBL Ransomware on sight like other versions of Hidden Tear, which malware experts rate as having limited protection from conventional AV technology.

The Scarab-XTBL Ransomware is as much of a danger to your files as you allow it to be by depriving yourself of a high-quality recovery option. Saving backups often and safely is cheaper than paying ransoms, particularly for Trojans that the con artists can make nearly instantaneously by collecting the resources of old campaigns.
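Because the Trojan adds '.xtbl' to each file it locks with AES and restoring backups may be necessary, the following added example (not from the original article or any vendor tool) inventories affected files so that a backup restore can be scoped. The entropy threshold, the sample size and the file names in the demo tree are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".xtbl"        # extension named in the article
ENTROPY_THRESHOLD = 7.0     # assumption: bits/byte above which data looks encrypted
SAMPLE_BYTES = 64 * 1024    # assumption: sampling the head of each file is enough

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; AES output approaches 8.0, text and most documents sit lower."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage(root):
    """Return (restore, review): original names to restore, and .xtbl files needing a manual look."""
    restore, review = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() != LOCKED_EXT:
            continue
        with path.open("rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        original = path.with_suffix("")  # name the file had before '.xtbl' was added
        # Very small files cannot reach the threshold, so they land in review.
        if shannon_entropy(head) >= ENTROPY_THRESHOLD:
            restore.append(original.relative_to(root).as_posix())
        else:
            review.append(path.relative_to(root).as_posix())
    return sorted(restore), sorted(review)

def demo():
    """Constructed tree: one encrypted-looking file, one text file merely named .xtbl, one untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "budget.xlsx.xtbl").write_bytes(os.urandom(8192))
        (root / "notes.txt.xtbl").write_bytes(b"plain text, not encrypted\n" * 200)
        (root / "photo.jpg").write_bytes(os.urandom(8192))
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Run `triage()` against a read-only copy or mounted image of the affected volume, and use the restore list to pull the matching originals from backup.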
