Scarab-Bomber Ransomware

By GoldSparrow in Ransomware

The Scarab-Bomber Ransomware is an encryption ransomware Trojan that is part of a large family of ransomware Trojans released between April and June of 2018. This family, known as Scarab, seems to be the result of a ransomware building kit or a Ransomware as a Service (RaaS) platform, which has allowed the criminals to release multiple copies of this threat in a very short period. Malware researchers first observed the Scarab-Bomber Ransomware itself on June 18, 2018.

The User-Generated Files are the Main Targets of the Scarab-Bomber Ransomware

The Scarab-Bomber Ransomware seems to specifically target computers located in Russia and Russian-speaking regions. Like most ransomware Trojans, the Scarab-Bomber Ransomware uses a strong encryption algorithm to encrypt the victim's files and make them inaccessible. It targets user-generated files, which may include files with the following file extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Scarab-Bomber Ransomware encrypts the victim's files to take them hostage, making them inaccessible without the decryption key, which the criminals hold in their possession. The encrypted files are easy to recognize because the Scarab-Bomber Ransomware marks them with the new file extension '.bomber'.

The Scarab-Bomber Ransomware’s Ransom Demand

The Scarab-Bomber Ransomware delivers its ransom note to victims as a text file named 'КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT' ('HOW TO DECRYPT YOUR FILES.TXT'), written in Russian. The following is the Scarab-Bomber Ransomware ransom note translated to English:

'YOUR FILES ARE ENCRYPTED!
Your personal identifier
[random characters]
Your documents, photos, databases and other important data were encrypted.
Data recovery requires a decryptor.
To receive the decryptor, you should send an e-mail to soft2018@tutanota[.]com (soft2018@mail[.]ee, newsoft2018@yandex[.]by)
In the letter, indicate your personal identifier (see the beginning of this document).
If I can not connect through the mail, I can not
* Register on the site hxxp://bitmsg[.]me (online sending service Bitmessage)
* Write a letter to the address BM-2cWp6BhKATEHEyfi1CGG4k3RuquXjaGJXB indicating your mail and
personal identifier
Next, you pay the cost of the decryptor. In the reply letter you will receive the address
Bitcoin-wallet, to which you need to perform the transfer of funds and the amount of payment.
If you do not have bitcoins
* Create a Bitcoin wallet: hxxps://blockchain[.]info/en/wallet/new
* Acquire Bitcoin Crypto Currency:
hxxps://localbitcoin[.]com/en/buy_bitcoins (Visa / MasterCard, QIWI Visa Wallet, etc.)
* Send the required amount of BTC to the address specified in the letter
When the money transfer is confirmed, you will receive a file decryption for your computer.
After starting the decryption program, all your files will be restored.
Guarantee of decryption of files.'

The Scarab-Bomber Ransomware attacks are associated with three email accounts and one BitMessage account: 'soft2018@tutanota[.]com', 'soft2018@mail[.]ee', 'newsoft2018@yandex[.]by' and the BitMessage address BM-2cWp6BhKATEHEyfi1CGG4k3RuquXjaGJXB.

Dealing with the Scarab-Bomber Ransomware

Computer users should not pay the Scarab-Bomber Ransomware ransom or contact the criminals responsible for the attack. Instead, the best protection is to keep file backups stored in places that threats cannot reach. Files affected by the Scarab-Bomber Ransomware should be replaced with backup copies, and a fully up-to-date security product should be used to remove the Scarab-Bomber Ransomware from the affected computer.
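To work out which files need restoring from backup, responders can search a disk or share for the indicators described above: the '.bomber' extension, the ransom note file name and the contact addresses inside the note. The Python below is an added example, not part of the original article or of any security product; the function names and the sample tree are constructed for illustration, and it assumes the note is stored as UTF-8 or a single-byte encoding.

```python
import os
import re
import tempfile
import unicodedata

# Indicators as given in the article above.
ENCRYPTED_EXT = ".bomber"
NOTE_NAME = "КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT"
CONTACTS = ("soft2018@tutanota.com", "soft2018@mail.ee",
            "newsoft2018@yandex.by", "BM-2cWp6BhKATEHEyfi1CGG4k3RuquXjaGJXB")

def refang(text):
    """Undo defanging ('[.]', space after '@') so indicators match."""
    return re.sub(r"@\s+", "@", text.replace("[.]", "."))

def scan_tree(root):
    """Walk root; list '.bomber' files, ransom notes and contacts found in notes."""
    report = {"encrypted": [], "notes": [], "contacts": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            norm = unicodedata.normalize("NFC", name).upper()  # some filesystems decompose 'Й'
            if norm.endswith(ENCRYPTED_EXT.upper()):
                report["encrypted"].append(path)
            elif norm == NOTE_NAME:
                report["notes"].append(path)
                try:
                    with open(path, "rb") as fh:
                        # Assumption: UTF-8 or single-byte text, so ASCII indicators survive latin-1.
                        body = refang(fh.read(65536).decode("latin-1")).lower()
                except OSError:
                    continue  # unreadable note is still reported by name
                report["contacts"].update(c for c in CONTACTS if c.lower() in body)
    return report

def demo():
    """Scan a constructed sample tree (file names and note text are made up)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("report.docx.bomber", "photo.jpg.bomber", "notes.txt"):
            open(os.path.join(docs, name), "wb").close()
        with open(os.path.join(docs, NOTE_NAME), "w", encoding="utf-8") as fh:
            fh.write("send an e-mail to soft2018@tutanota[.]com (soft2018@ mail[.]ee)")
        r = scan_tree(root)
        return len(r["encrypted"]), len(r["notes"]), sorted(r["contacts"])

if __name__ == "__main__":
    print(demo())
```

Run `scan_tree` against a read-only mount or a forensic copy of the affected volume; the list of encrypted paths is the set of files to replace from backup.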
