Scarab-Ukrain Ransomware

The Scarab-Ukrain Ransomware is an encryption ransomware Trojan that was first observed in late July 2018. The Scarab-Ukrain Ransomware is part of the Scarab family of ransomware Trojans. This is a big family of ransomware Trojans that has been around since 2017. However, it's only since May 2018 that the vast majority of Scarab variants have been released. This has made PC security researchers suspect that Scarab has been released as a RaaS (Ransomware as a Service) platform or as part of a ransomware builder kit. There is very little to differentiate the Scarab-Ukrain Ransomware from the many other variants in this ransom family and, like its predecessors, the Scarab-Ukrain Ransomware is designed to use a strong encryption algorithm to make the victim's files inaccessible and then demand a ransom payment from the victim.

Why the Scarab-Ukrain Ransomware will Attack a Computer?

The Scarab-Ukrain Ransomware uses AES encryption to make the victim's files inaccessible. The Scarab-Ukrain Ransomware will make the affected files easy to be recognized since they will be marked with the file extension '.ukrain,' which will be added to their names. The Scarab-Ukrain Ransomware is typically delivered to the victim's computer via damaged Microsoft Word files containing inserted macro scripts that download and install the Scarab-Ukrain Ransomware. Once installed, the Scarab-Ukrain Ransomware scans the victim's computer to find the files it was programed to encrypt. The Scarab-Ukrain Ransomware seems to target computers located in Russian-speaking regions only and its focus are the user-generated files, such as the files with the following extensions:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Scarab-Ukrain Ransomware delivers its ransom note in a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT.' This ransom note contains a message that is identical to what has been observed in other variants in the Scarab ransomware family.

Dealing with a Scarab-Ukrain Ransomware Infection

The victims are asked to contact the criminals via the email addresses 'cr64@keemail.me' and 'cr64@mail.ee.' The computer users that are willing to contact the criminals responsible for the Scarab-Ukrain Ransomware attack will lose their time and money almost certainly. Although the Scarab-Ukrain Ransomware's encryption method is quite strong and it is not possible to restore files encrypted by this attack, other variants in the Scarab family have been cracked before, and some decryption programs for other Scarab variants are now available. They may be useful in helping computer users recover their files after a Scarab-Ukrain Ransomware attack. However, the best protection, undoubtedly, is having file backups stored on independent devices. File backups ensure that the victims of the Scarab-Ukrain Ransomware attack can recover their files from the backup copy after removing the Scarab-Ukrain Ransomware infection itself with the help of a reliable security program. It is also crucial to have protections against spam email since this is the main method used to distribute the Scarab-Ukrain Ransomware currently.