Scroboscope Ransomware
The Scroboscope Ransomware is an encryption ransomware Trojan that carries out a typical version of this tactic by encrypting the victim's files and then demanding a ransom payment from the victim. It is preeminent that computer users take preventive steps to ensure that their data is safe from threats like the Scroboscope Ransomware. Furthermore, computer users should be familiar with the existence of threats like the Scroboscope Ransomware and ensure that their security settings and online activities allow them to avoid these attacks.
Table of Contents
How the Scroboscope Ransomware Infects a Computer
The Scroboscope Ransomware is being distributed most commonly through fake file downloads, often cracked games distributed via peer to peer file sharing networks or corrupted files. The Scroboscope Ransomware is written using VisualBasic and carries out a rudimentary attack, which will make the victim's files inaccessible. Threats like the Scroboscope Ransomware target the user-generated files in their attacks, such as those with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
Some Details about the Scroboscope Ransomware Attack
Once the Scroboscope Ransomware is installed, it will drop the following files on the victim's computer:
C:\Users\username\AppData\Local\Temp\a.bat
C:\Users\username\AppData\Local\Temp\b.bat
C:\Users\username\AppData\Local\Temp\c.vbs
C:\Users\username\AppData\Local\Temp\f.scrbr
The Scroboscope Ransomware does not damage the victim's operating system but will delete file backups and prevent the victims from accessing their data. The Scroboscope Ransomware attack will rename the files it affects with the file extension '.N0JJC” added to each file's name. The Scroboscope Ransomware also will drop the following three DLL files on the victim's computer:
C:\Users\username\AppData\Local\Temp\php_fileinfo.dll
C:\Users\username\AppData\Local\Temp\php_osinfo.dll
C:\Users\username\AppData\Local\Temp\php5ts.dll
These files store information about the encryption method and infected computer but are heavily obfuscated and cannot be accessed by the computer users. The Scroboscope Ransomware delivers the following message in a command line window once the attack has been completed:
Administrator: Don't close, it will harm your pc
The above message also will include an email address for the victim to contact the criminals. The advice from the security experts is that computer users should refrain from doing so.
Protecting Your Data from Threats Like the Scroboscope Ransomware
The best protection against threats like the Scroboscope Ransomware is to have file backups stored on protected places. Computer users should ensure that their computers also are guarded by a strong security program that is fully up-to-date. More importantly, computer users should take precautions when browsing the Web. Downloading files from shady locations is an easy way to infect your PC with malware, and computer users are strongly advised to avoid doing this to ensure that their computers remain safe from threats like the Scroboscope Ransomware.
