Scarab-Bin Ransomware
PC security researchers reported the Scarab-Bin Ransomware, an encryption ransomware Trojan, on July 7, 2018. The Scarab-Bin Ransomware is one of the many variants in the Scarab family of ransomware. Scarab variants have been appearing in large numbers since April 2018. This may be due to this threat being made available to criminals in the form of a Ransomware as a Service (RaaS) platform or a ransomware builder kit. The Scarab Ransomware was first observed in June 2017, but its attacks did not explode in number until Spring and Summer of 2018, with new variants appearing almost daily.
Table of Contents
The Scarab-Bin Ransomware will Keep Your Files Hostage
The purpose of the Scarab-Bin Ransomware, like the majority of ransomware threats, is to take the victim's files hostage, encrypting them with a strong encryption algorithm and then demanding a ransom payment from the victim. Initially, the Scarab-Bin Ransomware will arrive on the victim's computer through spam email messages, which include file attachments that use embedded macro scripts to download and install the Scarab-Bin Ransomware onto the victim's computer. Once installed, the Scarab-Bin Ransomware will scan the victim's computer for a variety of file types to compromise. The Scarab-Bin Ransomware will try to compromise the user-generated files, using a strong encryption algorithm to make these files inaccessible. The Scarab-Bin Ransomware will look for the user-generated files, which may include media files, document types, databases, archives, backup files and numerous others. Attacks like the Scarab-Bin Ransomware will focus on the following file types:
.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.
How the Scarab-Bin Ransomware Infects a Computer
The purpose of the Scarab-Bin Ransomware attack is to ensure that the victim cannot recover the affected files by taking them hostage, effectively. The Scarab-Bin Ransomware will delete alternate recovery methods, such as the Shadow Volume Copies or the System Restore points. The Scarab-Bin Ransomware will mark the files encrypted by its attack with the file extension '[mrbin775@gmx.de].bin,' which it will add the file's name. The Scarab-Bin Ransomware delivers a ransom note in the form of a text file that is named 'HOW TO RECOVER ENCRYPTED FILES.TXT" and dropped on the infected computer's desktop. The text displayed by the Scarab-Bin Ransomware's ransom note reads:
'Your files are now encrypted!
Your personal identifier:
[random characters]
For instructions for decrypting files, please write here:
mrbin775@gmx.de
mrbin775@protonmail.com
If you have not received an answer, write to me again!!'
Dealing with a Scarab-Bin Ransomware Attack
The Scarab-Bin Ransomware's associated ransom seems to average around 1000 USD. However, computer users should not pay this ransom or contact the criminals. Instead, a course of action should be created to ensure that their files are safe from these attacks. The best protection against the Scarab-Bin Ransomware is to have file backups stored on external devices. This allows the victims of the Scarab-Bin Ransomware attack to restore their files from a backup immediately after removing the Scarab-Bin Ransomware threat itself.
