
Servicedeskpay@protonmail.com Ransomware

Posted: August 9, 2018

The 'Servicedeskpay@protonmail.com' Ransomware is a part of the Scarab Ransomware family and, like other members, can lock your PC's files by encrypting them. These attacks don't intentionally damage your operating system but will harm media that's suitable for ransoming, such as documents. While many anti-malware products should delete the 'Servicedeskpay@protonmail.com' Ransomware easily, only secure backups and preventing infections can provide any absolute safety for your files.

A Bug Comes Crawling Back for More Ransoms

The next version of the Scarab Ransomware family is using attacks with sufficient security to keep cyber-security researchers from cracking their encryption. Since these Trojans use a Ransomware-as-a-Service mode of distribution, the threat actors who are responsible for the 'Servicedeskpay@protonmail.com' Ransomware's ransom collection and installation exploits could also be using new techniques for compromising others' PCs. The 'Servicedeskpay@protonmail.com' Ransomware variant of Scarab Ransomware drops notes that are most suited for native English-speaking countries, but it may be operational elsewhere, such as Russia.

Malware experts determine that the 'Servicedeskpay@protonmail.com' Ransomware is from the Scarab-Bomber Ransomware fork of this family, which includes numerous updates and modest variants, like the Scarabey Ransomware, the Scarab-Osk Ransomware, and two versions of the Amnesia Ransomware. Its authors provide premium access to their file-locker Trojan after the third-party criminal agrees to their fee, and place all responsibility for targeting victims or installing the Trojan on that affiliate.

The 'Servicedeskpay@protonmail.com' Ransomware uses vanilla AES in CBC mode for locking files, like most other versions of the Scarab Ransomware. This routine displays no UI or symptoms for the victim while it's ongoing, and can include network-share folders, as well as local ones, such as the desktop and the user profile's downloads. Unlike many file-locking Trojans, malware experts find no overwriting of filename text in the 'Servicedeskpay@protonmail.com' Ransomware's 'locking' routine, but the Trojan does add a short '.sdk' extension after the existing one.
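As an added example (not code from this article or from any vendor), the Python sketch below uses the naming pattern described above, a '.sdk' extension appended after the existing one with the rest of the filename intact, to list affected files and recover their original names for matching against backups. The function names and the sample listing are constructed for illustration.

```python
import os
from collections import Counter
from pathlib import PurePath

MARKER = ".sdk"  # extension the article says is appended after the existing one

def original_name(path):
    """Return the pre-encryption path if the name fits the pattern, else None."""
    p = PurePath(path)
    suffixes = p.suffixes
    # Require an existing extension in front of the marker: a bare
    # 'platform.sdk' is more likely a legitimate file than a locked one.
    if len(suffixes) < 2 or suffixes[-1].lower() != MARKER:
        return None
    return str(p.with_suffix(""))  # drops only the trailing '.sdk'

def triage(paths):
    """Return ({locked path: original path}, Counter of original file types)."""
    affected, by_type = {}, Counter()
    for path in paths:
        orig = original_name(path)
        if orig is not None:
            affected[path] = orig
            by_type[PurePath(orig).suffix.lower()] += 1
    return affected, by_type

def walk(root):
    """Yield every file path under root, e.g. a profile or a mounted share."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    "Desktop/budget.xlsx.sdk",
    "Desktop/notes.txt",
    "Downloads/photo.JPG.sdk",
    "share/team/plan.docx.sdk",
    "share/team/old.docx.sdk",
    "dev/platform.sdk",
]

if __name__ == "__main__":
    affected, by_type = triage(SAMPLE)  # swap in walk("/path") for a real scan
    for locked, orig in sorted(affected.items()):
        print(f"{locked} -> restore as {orig}")
    print(dict(by_type))
```

The match is a filename heuristic only; a hit should be confirmed against file contents or backup copies before anything is renamed or restored.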

The Problem of Paying for an Unlocking Service

Like an overwhelming majority of file-locking Trojans, the 'Servicedeskpay@protonmail.com' Ransomware uses a Bitcoin-based ransom-collecting method. By specifying such a cryptocurrency, the criminal guarantees that he can take the payment and not be beholden to any legal or financial repercussions from refusing to give the victims their decryption solution. While a Russian PC security company does provide a Scarab Ransomware decryption service, it requires further updating for the 'Servicedeskpay@protonmail.com' Ransomware. Victims may provide samples of the threat to interested parties for some additional analysis of its cryptography method.

With the uncertain nature of ransom-based unlocking of your data, malware experts strongly stress using backups as the most reliable alternative. Always save backups to secure locations on a secondary device, which can be a cloud-based server or a portable drive. Anti-malware programs of most brands should delete the 'Servicedeskpay@protonmail.com' Ransomware at any point, although many members of the Scarab Ransomware family use manually-directed installation tactics that could disable the associated security software first.

Ransomware-as-a-Service is a profitable industry for both the Trojans' programmers and their potentially less talented partners. It's the inarguable responsibility of PC users with ransom-worthy media to protect it with backups and good network safety habits so that offshoots like the 'Servicedeskpay@protonmail.com' Ransomware become less prolific.
