Tech & Science Scarabey: This ransomware threatens to slowly delete your files every 24 hours until you pay up

19:07  05 february  2018
19:07  05 february  2018 Source:   ibtimes.co.uk

How to delete a page from Word

  How to delete a page from Word Deleting a page in Word is a simple process, but one that seems to cause issuesThere is a number of methods but they all effectively end with the same steps. If you’re getting frustrated by blank sheets within your perfectly honed documents, or have rogue pages smack back in the middle, read on to find out how to delete a page in Word.

"24 files are deleted every 24 hours . (we have copies of them)," the ransom note reads. Similar to other ransomware , Scarabey demands a Bitcoin payment from victims after infecting their system and encrypting all files .

http://www.ibtimes.co.uk/ scarabey - this - ransomware - threatens - slowly - delete - your - files - every - 24 - hours - until - you - pay -1658742.

Scarabey demands a Bitcoin payment from victims after infecting their system and encrypting all files.© Getty Scarabey demands a Bitcoin payment from victims after infecting their system and encrypting all files. A new variant of the malicious Scarab ransomware has been uncovered in the wild that uses a different distribution method and threat to scare victims into paying up. While the original Scarab ransomware was distributed by a massive spam campaign hosted by the Necurs botnet, the new variant dubbed "Scarabey" targets Remote Desktop Protocol connections and is manually dropped on servers and systems.

Discovered in December 2017, researchers at Malwarebytes say the new threat seems to be targeting Russian users. Similar to other ransomware, Scarabey demands a Bitcoin payment from victims after infecting their system and encrypting all files.

Facebook makes privacy push ahead of strict EU law

  Facebook makes privacy push ahead of strict EU law Monday's announcements are a sign of Facebook's efforts to get ready before the European Union's General Data Protection Regulation (GDPR) enters into force on May 25.The videos will show users how to manage the data that Facebook uses to show them ads, how to delete old posts, and what happens to the data when they delete their account, Erin Egan, chief privacy officer at Facebook, said in a blog post.

The Scarab's ransom note notified victims that the price of the ransom will directly increase with the time, however, in case of Scarabey , they threaten victims to permanently delete 24 files every 24 hours until they pay the ransom.

#CyberSecurity http://www.ibtimes.co.uk/ scarabey - this - ransomware - threatens - slowly - delete - your - files - every - 24 - hours - until - you - pay -1658742 …

According to the researchers, the code between both Scarab and Scarabey are almost "byte-for-byte identical" but do include some notable differences.

"The malicious code is written in Delphi without the C++ packaging that Scarab has and the content and language of the ransom notes are different for each," researchers said in a blog post. "As far as the victim is concerned, the main difference between Scarabey and other Scarab ransomware is the language of the ransom note and the scare tactic used in encryption message."

The ransom note for the original Scarab was written in English, contained several errors and appeared to have been translated word-for-word from Russian text without proper English grammar or syntax.

'Underbelly Files: Chopper' star Aaron Jeffery reveals dramatic weight gain

  'Underbelly Files: Chopper' star Aaron Jeffery reveals dramatic weight gain His transformation is impressive.The 48-year-old, who stars as infamous gangster Mark 'Chopper' Read, has revealed the physical transformation he undertook to prepare for the role, including a considerable amount of weight gain.

The Scarab’s ransom note notified victims that the price of the ransom will directly increase with the time, however, in case of Scarabey , they threaten victims to permanently delete 24 files every 24 hours until they pay the ransom.

The third major difference between the two is that unlike Scarab, which tells victims the ransom fee will increase after a certain period of time, Scarabey tells victims it will delete 24 files after every 24 hours until there are no more files left.

Meanwhile, the ransom note for the new Scarabey variant is written in English.

"What's interesting is that when you throw the Scarabey note into Google translate, as I have done below, it contains the same grammatical errors as the Scarab note," the researchers noted. "This is more proof that that the authors of Scarab are likely Russian speakers who had written the note in their native language and run it through a translator to be added into the Scarab code.

Aaron Jeffrey on the pressure of following Eric Bana as Chopper

  Aaron Jeffrey on the pressure of following Eric Bana as Chopper Actor Aaron Jeffrey has big shoes to fill as Mark Chopper Read in Underbelly Files: Chopper as he follows Eric Bana's incredible performance.There was a feeling of panic for Aaron Jeffery.

The Scarab's ransom note notified victims that the price of the ransom will directly increase with the time, however, in case of Scarabey , they threaten victims to permanently delete 24 files every 24 hours until they pay the ransom.

When the Jigsaw Ransomware threatens to delete your files , it's not kidding. This is the first ransomware that we have seen that carries out its threats and will delete increasingly greater amounts of files each hour until the payment has been made.

"It would then seem quite likely that, since they decided to target Russians. they released the Scarabey note in their native language to cover more victims."

The threat used in the ransom note to scare victims into paying also differs from the original Scarab. While the Scarab ransom note warns victims that the price will rise the longer they wait to pay, Scarabey threatens to permanently delete 24 files every 24 hours until they pay the ransom and there are no more files left to recover.

"24 files are deleted every 24 hours. (we have copies of them)," the ransom note reads. "If you do not run the decryption program within 72 hours, all the files on the computer are completely deleted, without the possibility of recovery."

However, the Malwarebytes researchers say this is just a scare tactic leveraged by the threat actors.

"Essentially, the criminals are implying that they have copies of the unencrypted files to give back to the user, or that they have control of the victim computer to delete files," they said. However, the malware code does not include any indication that the hackers have copied files to a different location or that they have the ability to remotely delete files from the victim's computer.

"The conclusion here is that the deletion of files or the idea that the malware authors have access to delete files is purely a scare tactic used to urge users into sending money quickly," the researchers said.

Victims' files are encrypted using AES256 while the key used to encrypt them changes from file to file.

"If just a single encryption key was used for all of the files (which has been seen with other ransomware), you would be able to capture memory at any point in the encryption process, save the key, and use it to decrypt all of the files on your hard drive," Malwarebytes said. "Unfortunately, because of this key cycling that Scarab performs, it makes decryption of the files likely impossible."

Comedian Jim Carrey urges people to delete their Facebook accounts and dump the stock .
He's upset with the company for profiting from Russian meddling during the 2016 U.S. election. He asked all "other investors who care about our future to do the same." He added the hashtag "#unfriendfacebook."Facebook has admitted that 10 million people saw Russian-bought ads intended to sway the 2016 U.S. election. Facebook and Jim Carrey did not immediately respond to a request for comment.

—   Share news in the SOC. Networks
This is interesting!