The 2022 version of ScareCrow, completely unrelated to the 2019 version, was created by threat actors who leveraged the leaked Conti v2 ransomware builder. As such, it shares most of the characteristics of Conti v2, most notably the hybrid mechanism used for file encryption: ChaCha20 encrypts the files, and RSA-4096 encrypts the ChaCha20 key to ensure the victim can't extract that key. The ScareCrow crypto-ransomware drops a simple ransom note that asks victims to contact the ransomware operators using one of three Telegram accounts. Aside from the one sample that changed file extensions to '<file name>.CROW', and the fact that it was discovered in late October 2022, there aren't many more notable artifacts to relay.