Apart from stumbling upon new cryptovirological strains, ransomware removal experts regularly discover variants of existing ransomware families as well. For instance, a team of malware hunters recently discovered a new variant of the Scarab ransomware.
According to the initial investigation, the new Scarab edition uses email attachments and compromised URLs to drop the cryptovirological payload. Once encryption completes, the affected files are appended with the extension ‘aztecdecrypt@protonmail.com’ and a ransom note in a text file appears on the screen.
The attackers urge victims to contact them immediately in order to pay a smaller extortion amount. The operators do not mention any particular ransom amount. Nevertheless, the note includes a short guide for affected users on purchasing Bitcoins to make the ransom payment.
To prove that they possess the complete decryption code for unlocking the encrypted files, the operators offer free decryption of one file of up to 10 MB. The attackers also instruct victims not to send a file containing important information, such as databases or large spreadsheets.
The attackers also warn affected users not to rename the encrypted files, because doing so can permanently corrupt them. They further threaten to increase the ransom amount if the targeted users attempt ransomware removal through any third-party software.
Like other Scarab strains, the latest discovery also uses a combination of RSA and AES encryption to lock down the files on targeted devices. This combination is particularly damaging because it generates a unique decryption key for every affected device, and that key is stored only on the attackers' command-and-control server. This means ransomware removal experts cannot come up with a single decryption key to disinfect multiple affected devices; they have to work out a different decryption key for every single infection.
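As an added example (not code from the report or from the Scarab operators), here is a small read-only triage scanner an incident responder could run over a share to inventory files carrying the appended extension and to locate the ransom note. It assumes the extension is appended with a leading dot and that the note is a .txt file naming the contact address; it never renames anything on disk, in line with the corruption warning above.

```python
import os
import tempfile
from collections import Counter

# Assumed indicators: the report gives the appended extension and the contact
# address, but not the ransom note's file name, so the note is detected by content.
SCARAB_SUFFIX = ".aztecdecrypt@protonmail.com"
CONTACT_MARKER = "aztecdecrypt@protonmail.com"

def find_encrypted_files(root):
    """Walk root; return (encrypted, notes) as lists of paths. Read-only."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.endswith(SCARAB_SUFFIX):
                encrypted.append(path)
            elif name.lower().endswith(".txt"):
                try:
                    with open(path, "r", errors="ignore") as fh:
                        if CONTACT_MARKER in fh.read(4096):  # only peek at the head
                            notes.append(path)
                except OSError:
                    pass  # unreadable file: skip, do not abort the sweep
    return encrypted, notes

def original_name(path):
    """Recover the pre-encryption file name from the path (no rename is performed)."""
    name = os.path.basename(path)
    return name[:-len(SCARAB_SUFFIX)] if name.endswith(SCARAB_SUFFIX) else name

def summarize(root):
    """Count encrypted files and notes; group encrypted files by original extension."""
    encrypted, notes = find_encrypted_files(root)
    by_ext = Counter(os.path.splitext(original_name(p))[1].lower() or "(none)" for p in encrypted)
    return {"encrypted_count": len(encrypted), "note_count": len(notes),
            "by_original_ext": dict(by_ext)}

def build_sample_tree():
    """Constructed sample directory imitating a post-infection share (dummy bytes, not malware)."""
    root = tempfile.mkdtemp(prefix="scarab_triage_")
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    for name in ("budget.xlsx", "report.docx", "notes.txt"):
        with open(os.path.join(docs, name + SCARAB_SUFFIX), "wb") as fh:
            fh.write(b"\x00\x11\x22")
    with open(os.path.join(root, "clean.txt"), "w") as fh:
        fh.write("untouched file\n")
    with open(os.path.join(docs, "HOW TO RECOVER.txt"), "w") as fh:  # assumed note name
        fh.write("Your files are encrypted. Contact aztecdecrypt@protonmail.com\n")
    return root

if __name__ == "__main__":
    print(summarize(build_sample_tree()))
```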