SCR Ransomware

The SCR Ransomware is a file-locking Trojan that encrypts media on the user's computer so that it can hold the files for ransom. Most Windows users should protect their files with backups, since its family, the AES-Matrix Ransomware family, is secure from decryption. Standard security protocols and solutions are also integral to preventing infections or uninstalling the SCR Ransomware.

Adding More Victims to a Matrix of Numbers

The AES-Matrix Ransomware family is staying neck-and-neck with many of the other, similarly active threats of 2021. This Trojan group is noteworthy for a secure encryption feature that blocks files and turns them into hostages. The latest update to profit from this attack: the SCR Ransomware.

The SCR Ransomware's encryption feature uses both the AES-128 and RSA-2048 algorithms to lock the user's documents, pictures, movies and other media so that they cannot be opened. The attack is easily identifiable from the 'SCR' extension (specific to this AES-Matrix Ransomware version) that the Trojan adds onto any files afterward. As with similar threats, malware experts confirm that the SCR Ransomware also deletes the Shadow Volume Copy or the Restore Point data that victims could use for recovery.

Although the SCR Ransomware's chosen template for a ransom note uses poor grammar, it relays adequate instructions for buying a decryption service from the threat actor. Notable details include a three-file demonstration of the unlocker, a one-week deadline, and the absence of uTox chatting methods (unlike the M88P Ransomware, another member of the family).

Malware experts also discourage paying the ransom, as its safety as a recovery method is questionable. Incidents of ransoming tactics and decryption issues periodically occur in old campaigns like the BDDY Ransomware, the Matrix-GBLOCK Ransomware, or the Matrix-SBLOCK Ransomware.

Stepping Out of the Matrix's Boundaries for Profit

The SCR Ransomware is compatible with most releases of the Windows operating system. Users on that OS can protect their files most efficiently by saving backups onto other locations, whether they're removable drives or network-based solutions. While the SCR Ransomware is most likely to target vulnerable businesses, home users also should consider the risks to their PCs and other internet-connected devices.

All users, regardless of environment, can better protect themselves from an SCR Ransomware attack with the following steps:

  • Disabling high-risk browser features (Flash, Java, JavaScript)
  • Applying security updates to all software
  • Avoiding illegal or advertising-promoted downloads
  • Using strong passwords

A typical tactic for circulating file-locker Trojans might be fake invoices or resumes sent as e-mail attachments, which embed drive-by-download exploits that the reader has to manually enable as 'advanced content.' Users should inspect e-mail addresses for discrepancies and avoid assuming that a file is what its name or extension claims it is.

Most industry-standard anti-malware tools also may block or remove the SCR Ransomware, even if they're incapable of unlocking files.

The SCR Ransomware, like the slightly earlier TRU8 Ransomware, is evidence that this family remains highly active in the threat landscape. No one should underestimate Trojans like those of the AES-Matrix Ransomware family, which stay threatening no matter how old the family gets.
