
Scarry Ransomware

Posted: October 30, 2020

The Scarry Ransomware is a file-locking Trojan that's part of the Scarab Ransomware family. The Scarry Ransomware can encrypt and lock users' media and hold it hostage with Russian-language ransom notes that include a premium decryption advertisement and other technically-misleading warnings. Users should always have a backup for recovery from such attacks, and the right anti-malware product should remove the Scarry Ransomware.

A Study in Russian Trojans' Tactics

The Scarab Ransomware is an 'odd duck' family in several ways, as far as Trojan Ransomware-as-a-Services go. Still, recent variants stick to many traditions in similar campaigns, including a propensity towards scamming their victims. Those taking the latest version, the Scarry Ransomware, at its word, might find themselves out of money with little to show for it.

The Scarry Ransomware is a Windows program that targets Russian-speaking PC users. This trait is typical, if by no means universal, throughout variants of the Scarab Ransomware family. Comparable variants, including the Scarab-Oneway Ransomware, the Lampar Ransomware, the MonCrypt Ransomware and the Scarab-Oops Ransomware, use either Cyrillic or English-language ransom notes. However, the Trojans, including the Scarry Ransomware, drop these messages after a much more acute attack: encrypting digital media.

The Scarry Ransomware's encryption routine locks most media formats on the user's PC securely while also taking care of wiping the Restore Points that would let victims recover from local backups. Of further note is that the Scarry Ransomware is part of a relatively sparse set of families that will overwrite files' names entirely and replace them with Base64-style random characters and the Trojan's name.
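The renaming behavior described above leaves a recognizable pattern for defenders: many files whose names are long Base64-style strings sharing one new suffix. The following is an added example, not code from the original article or any vendor; the character set, thresholds, and the `.scarry` suffix in the sample listing are constructed assumptions.

```python
import math
import re
from collections import Counter

# Assumption: "Base64-style" means letters, digits, '+' and '=' ('/' cannot
# appear in a Windows file name). Long stems only, to skip short real names.
B64_STEM = re.compile(r"^[A-Za-z0-9+=]{16,}$")

def shannon_entropy(text):
    """Bits per character; random Base64 text scores well above 3.5."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def looks_renamed(name, min_entropy=3.5):
    """True when the part before the last dot is a long, random-looking stem."""
    stem, dot, suffix = name.rpartition(".")
    if not dot or not suffix:
        return False
    return bool(B64_STEM.match(stem)) and shannon_entropy(stem) >= min_entropy

def suspicious_suffixes(filenames, min_hits=3, min_ratio=0.8):
    """Suffixes carried almost only by random-looking stems: a mass-rename signal."""
    total, hits = Counter(), Counter()
    for name in filenames:
        suffix = name.rpartition(".")[2].lower() if "." in name else ""
        if not suffix:
            continue
        total[suffix] += 1
        hits[suffix] += looks_renamed(name)
    return sorted(s for s, n in hits.items()
                  if n >= min_hits and n / total[s] >= min_ratio)

# Constructed directory listing; the ".scarry" suffix is a placeholder.
SAMPLE_LISTING = [
    "quarterly_report_2020.docx",
    "IMG_20201030_142233.jpg",
    "README.txt",
    "qL8xZ2vRk0TmWb9YcN4dHs7uJ.scarry",
    "Xa3+Fp6oQe1rVt5GyUi8MnBw=.scarry",
    "hC9jKd2lSz4PfO7gAeTb0NxR.scarry",
    "mW5uYq1EoI8rLt3ZkVc6JbHs.scarry",
]

if __name__ == "__main__":
    print(suspicious_suffixes(SAMPLE_LISTING))
```

A single random-looking name is weak evidence; the cluster under one shared suffix is what makes the signal worth alerting on.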

Of equal importance is that the Scarry Ransomware's ransom note claims that the attackers can delete files every twenty-four hours. Malware experts caught such assertions on prior samples without correlating them to a feature for doing so. As such, victims should assume that the Scarry Ransomware runs the same tactic for forcing victims into hastily paying.

Saving Media from the Jaws of a Cyber-Beetle

All of the Scarry Ransomware's attributes are ones previously noted within its Ransomware-as-a-Service family. The Trojan's group is, notably, one of the few specializing in any specific region of the world, much less Russia and other ex-Soviet Union countries. Still, the encryption feature is just as useful in most Windows environments, and all users should prepare so that they do not face it unmitigated.

Backups on other devices are, generally, the most effective, reliable, and cheap means of restoring files from a file-locker Trojan infection. Malware researchers also recommend that users be especially careful around e-mail attachments, such as supposed invoices, or torrents, such as game cracks, which are responsible for many attacks by this category of threat. Most victims can prevent infections merely by using safe Web-browsing habits and scanning all their downloads before opening.

Anti-malware services from trustworthy vendors are long-familiar with file-locker Trojans, generally, and the specifics of the Scarab Ransomware RaaS. Systems with appropriate protection by these products should delete the Scarry Ransomware before the encryption even starts.

The Scarry Ransomware certainly is a 'scary' program, but no more or less than its immediate insect ancestors. When a backup a day keeps the bug bites away, anyone failing at that has only themselves to blame for the lingering sting of encryption.
