
'crab7765@gmx.de' Ransomware

By GoldSparrow in Ransomware

The 'crab7765@gmx.de' Ransomware is a version of the Scarab Ransomware that uses two new file markers for the encrypted data. It is designed to encrypt photos, music, videos, text and databases on infected computers. The encrypted data may receive one of two markers: '[crab7765@gmx.de].crab' and '.qweuirtksd'. The name 'crab7765@gmx.de' Ransomware is a working title that covers two ransomware strains, which malware researchers reported on October 8th, 2018. The first version is referred to as the 'crab7765@gmx.de' Ransomware and attaches the '[crab7765@gmx.de].crab' suffix to the filenames. The second version features a small modification and places the '.qweuirtksd' suffix on the filenames. Depending on the ransomware strain that encrypted your data, you will find that 'A Dream of Sovngarde.epub' may be renamed to 'A Dream of Sovngarde.epub[crab7765@gmx.de].crab' or 'A Dream of Sovngarde.epub.qweuirtksd'.

PC users may be infected with the 'crab7765@gmx.de' Ransomware through spam emails and fake updates to the Adobe Flash Player. A good way to block most ransomware strains from being downloaded onto your drive is to disable the macro functionality in your office suite. You should open macro-enabled files from trusted sources only. Cybersecurity experts recommend that PC users create backups regularly, abstain from visiting questionable domains and avoid using pirated software. PC users are advised to avoid paying the threat creators because that encourages them to push new versions of their encryption software and claim more victims. There is no guarantee that you will receive a decryptor, and more threats may be dropped on your system after you use a decryptor, if one is provided to you. Remove the 'crab7765@gmx.de' Ransomware and related versions with the help of a credible anti-malware tool.

The ransom message for the files marked with '[crab7765@gmx.de].crab' appears to be titled '!!!ReadMeToDecrypt.txt' and presents the following text:

'Attention, all your files are encrypted with the AES cbc-128 algorithm!
It's not a virus like WannaCry and others, I hacked your computer,
The encryption key and bitcoin wallet are unique to your computer,
so you are guaranteed to be able to return your files.
But before you pay, you can make sure that I can really decrypt any of your files.
To do this, send me several encrypted files to cyrill.fedor0v@yandex.com, a maximum of 5 megabytes each, I will decrypt them
and I will send you back. No more than 5 files. Do not forget to send in the letter bitcoin address 1BhHZxek7iUTm1mdrgax6yVrPzViqLhr9u from this file.
After that, pay the decryption in the amount of 500$ to the bitcoin address: 1BhHZxek7iUTm1mdrgax6yVrPzViqLhr9u
After payment, send me a letter to [email address] with payment notification.
Once payment is confirmed, I will send you a decryption program.
You can pay bitcoins online in many ways:
hxxps://buy.blockexplorer[.]com/ - payment by bank card
hxxps://www.buybitcoinworldwide[.]com/
hxxps://localbitcoins[.]net
About Bitcoins:
hxxps://en.wikipedia[.]org/wiki/Bitcoin
If you have any questions, write to me at [email address]
As a bonus, I will tell you how hacked your computer is and how to protect it in the future'

The ransom message for files marked with '.qweuirtksd' appears to be titled 'HOW TO RECOVER ENCRYPTED FILES.TXT' and displays the following text:

'Your files are now encrypted!
Your personal identifier:
[random characters]
For instructions for decrypting files, please write here:
[email addresses]
If you have not received an answer, write to me again!!'
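The two file markers and two ransom-note titles described above can be turned into a quick triage scan that reports which strain touched a directory and what each file was originally called. This is an added example, not code from the original article; the variant labels ("crab", "qweuirtksd"), the function names and the case-insensitive matching are assumptions made for illustration, and the sample tree is constructed.

```python
import os
import tempfile

# Indicators taken from the article: two filename suffixes, two ransom-note titles.
# The variant labels on the right are hypothetical names chosen for this example.
MARKERS = {"[crab7765@gmx.de].crab": "crab", ".qweuirtksd": "qweuirtksd"}
NOTES = {
    "!!!readmetodecrypt.txt": "crab",
    "how to recover encrypted files.txt": "qweuirtksd",
}

def classify(filename):
    """Return (kind, variant, original_name) for one filename, or None if no indicator matches."""
    lowered = filename.lower()  # assumption: compare case-insensitively, as Windows does
    if lowered in NOTES:
        return ("ransom_note", NOTES[lowered], None)
    for suffix, variant in MARKERS.items():
        # Require a non-empty original name in front of the marker.
        if lowered.endswith(suffix) and len(filename) > len(suffix):
            return ("encrypted_file", variant, filename[: -len(suffix)])
    return None

def scan(root):
    """Walk root and return sorted findings: (relative_path, kind, variant, original_name)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel, *hit))
    return sorted(findings)

def demo():
    """Build a constructed sample tree (empty files, names only) and scan it."""
    names = [
        "A Dream of Sovngarde.epub[crab7765@gmx.de].crab",
        "A Dream of Sovngarde.epub.qweuirtksd",
        "!!!ReadMeToDecrypt.txt",
        "HOW TO RECOVER ENCRYPTED FILES.TXT",
        "notes.txt",  # benign file, must not be reported
    ]
    with tempfile.TemporaryDirectory() as root:
        for name in names:
            open(os.path.join(root, name), "w").close()
        return scan(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan()` at a mounted share or a forensic copy to list affected paths per strain. The scan reads only filenames, never file contents.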
