There is a story about a serial killer who kidnaps his victims and then asks them to take two pills. He told them that one pill is harmless and the other is poisonous.It’s like you can decide whether you have to die or not. But no matter which pill they took they all died. But we don’t need to pay , we have the power to find them and we can pay them for what they did. We can make them an example for future.
A form of ransomware which stocks similarities with Locky and also comes with the choice for infected victims to negotiate a cost for retrieving their encrypted documents.
In June scarab ransomware was initially uncovered, but during November, it was distributed in an incredible number of spam emails suddenly, as noted by experts at Fortinet. These emails were distributed by Necurs, the botnet infamous for growing the highly-successful Locky ransomware.
The file-encrypting malware is deployed when the victim runs a VBScript application contained within a malicious email, which retrieves Scarab from payload websites. This script contains similarities to the delivery mechanism used to deliver Locky.
Those behind Scarab also have chosen to fill the source code of the ransomware using what appear to be references to Game of Thrones character, Jon Snow.
Once installed and executed on the victim’s computer, the malware will hook up to a website which provides the attacker with the Ip and other machine information more likely to aid the attacker in monitoring victims.
If the machine is taken offline through the process even, the ransomware encrypts the files with the still .scarab file extension and presents the victim with a ransom note.
But than demanding a set payment charge rather, the attackers behind Scarab ask the victims to email them in order to negotiate a payment in Bitcoin.
The usage of a contact address suggests the attackers aren’t as advanced as those behind other forms of ransomware. However, they do appear to work on the theory that if the victim is allowed by them to set a price, they’re much more likely to get a payment.
“The negotiation process urged by the Scarab ransomware is interesting especially. While getting into negotiations definitely helps it be more likely a ransom of some type or kind will be paid, it also allows them to fluctuate demands with respect to the value of Bitcoin at that right time,” said Aaron Higbee, CTO and co-founder of PhishMe.
Experts suggest the rise in the value of Bitcoin has played the right part in the change to the strategy. A charge of around one Bitcoin was set a ransom demand during 2016 often when the value of Bitcoin was under $1000. At the time of writing,
Attackers are likely to understand the average victim isn’t heading to really have the money to pay this fee, so by allowing the sufferer to suggest a cost, those at the rear of Scarab will guarantee a pay-day for their criminal work.
Those behind Scarab also try to establish they can be trusted to carry up their end of the harmful deal by using a common tactic by ransomware distributors offering to decrypt some files free of charge. In addition, they provide instructions about how to obtain Bitcoin to be able in order to receive payment from victims.
However, these aren’t works of community spirit, by extorting a payment out of the unfortunate victim a reality hammered home by the way the ransom note says “Decryption of your documents by making use of third parties could cause an elevated price”. The attackers also add that by trying to use decryption tools, the victim “can become a victim of a scam”.
Researchers are unsure if Scarab will be a temporary ransomware campaign currently.