Scarab-ARTEMY Ransomware
The Scarab-ARTEMY Ransomware is an encryption ransomware Trojan. The Scarab-ARTEMY Ransomware is one of the many variants of Scarab, a large ransomware family that may be part of a RaaS (Ransomware as a Service). The Scarab-ARTEMY Ransomware was first observed on February 27, 2019, and is identical to the many other encryption ransomware Trojans in the Scarab family of ransomware, with slight differences in the strings used in its attack and the IP addresses of its Command and Control servers. The Scarab-ARTEMY Ransomware, like most encryption ransomware Trojans, is designed to take the victims' files hostage. This is what allows the Scarab-ARTEMI Ransomware to ask for a ransom payment from the victim to decrypt the compromised data.
How the Scarab-ARTEMY Ransomware Affects Your Files
The Scarab-ARTEMY Ransomware is mainly distributed using corrupted Microsoft Office files with embedded macro scripts. They install the Scarab-ARTEMY Ransomware onto the victim's computer. Once installed, the Scarab-ARTEMY Ransomware uses the AES encryption to make the victim's files inaccessible, targeting the user-generated files, which may include files with the following file extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The Scarab-ARTEMY Ransomware marks the compromised files with the file extension '.ARTEMY,' which is added to each affected file's name. The Scarab-ARTEMY Ransomware delivers a ransom note in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT,' which is dropped in every directory where the Scarab-ARTEMY Ransomware encrypts data. The full text of the Scarab-ARTEMY Ransomware ransom note reads:
'Your files are now encrypted!
Your personal identifier:
[random characters]
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment, we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: artemy75@tutanota.com
Reserve email address: artemy75@cock.li'
Protecting Your Data from Threats Like the Scarab-ARTEMY Ransomware
Computer users should withhold from paying the Scarab-ARTEMY Ransomware ransom or contacting the criminals responsible for this attack. Unfortunately, once the Scarab-ARTEMY Ransomware enciphers the files, they are no longer recoverable. This is why malware researchers strongly advise computer users to take preemptive steps to protect their data, including the use of a competent security program and, most importantly, having backup copies of all data and storing these backup copies in a safe location such as an external memory device.
