Scarab-Crypt000 Ransomware

By GoldSparrow in Ransomware

The Scarab-Crypt000 Ransomware is an encryption ransomware Trojan. The Scarab-Crypt000 Ransomware belongs to the Scarab family of ransomware Trojans, a large family of threats that have released new variants steadily since April 2018. This may be due to a ransomware builder or a Ransomware as a Service (RaaS) platform being released in connection to this threat family. The victims of the Scarab-Crypt000 Ransomware may get infected when they open corrupted spam email attachments. These email attachments will use embedded macro scripts to download and install the Scarab-Crypt000 Ransomware onto the victim's computer.

How the Scarab-Crypt000 Ransomware Attack Works

The Scarab-Crypt000 Ransomware, like the majority of encryption ransomware Trojans, will take the victim's files hostage using a strong encryption algorithm. The Scarab-Crypt000 Ransomware uses AES 256 encryption to make the victim's files inaccessible. The names of the encrypted files are changed using base64, and the file extension '.crypt000' is added to the end of each compromised file. The Scarab-Crypt000 Ransomware targets user-generated files in its attack and may compromise countless file types, which include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Scarab-Crypt000 Ransomware will demand a ransom payment from the victim, supposedly in exchange for a decryptor. It delivers this demand by dropping a text file on the victim's desktop. The message contained in the Scarab-Crypt000 Ransomware's ransom note reads:

'Your files are now encrypted!
Your personal identifier:
[random characters]
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: 24on7@tutamail.com (24on7online@gmx.us, 24on7online@mail.ee)
If you don't get a reply or if the email dies, then contact us using Bitmessage.
Download it from here: hxxps://bitmessage[.]org/wiki/Main_Page
Run it, click New Identity and then send us a message at BM-2cVvpns8gHmMZavdjotAA12btQ1PCZb4xw
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price:
hxxps://localbitcoins[.]com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk[.]com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

This ransom note is named 'HOW TO RECOVER ENCRYPTED FILES.txt' and urges the victim to email the criminals or contact them using BitMessage.

Dealing with the Scarab-Crypt000 Ransomware

Contacting the criminals or following their instructions is never a recommended course of action. The Scarab-Crypt000 Ransomware can be removed with a reliable security program. Then, you can restore the files encrypted by the Scarab-Crypt000 Ransomware by using file backups.
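
The indicators described above (the '.crypt000' extension, base64-style renamed file names, and the 'HOW TO RECOVER ENCRYPTED FILES.txt' note) can be used to inventory affected files before restoring them from backups. The following Python triage script is an added example, not part of the original article; the character set used to recognize base64-style names and the sample file names in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import sys
import tempfile
from collections import Counter
from pathlib import Path

EXTENSION = ".crypt000"                            # extension named in the article
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.txt"   # ransom note name from the article
# Assumption: renamed stems contain only base64-style characters
# (the article does not give the exact alphabet; '/' cannot occur in a file name).
BASE64_STEM = re.compile(r"^[A-Za-z0-9+=_-]+$")

def classify(name):
    """Return 'note', 'encrypted', 'suspect-extension', or None for a file name."""
    if name.lower() == NOTE_NAME.lower():
        return "note"
    stem, ext = os.path.splitext(name)
    if ext.lower() != EXTENSION:
        return None
    # A stem that still looks like "report.docx" was not renamed the way the
    # article describes, so it is reported separately for manual review.
    return "encrypted" if BASE64_STEM.match(stem) else "suspect-extension"

def scan(root):
    """Walk root; return (findings, per-directory counts of affected files)."""
    findings, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind = classify(name)
            if kind:
                findings.append((kind, os.path.join(dirpath, name)))
                if kind != "note":
                    per_dir[dirpath] += 1
    return findings, per_dir

def demo():
    """Scan a constructed sample tree; return sorted kinds and affected-file count."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, desk = Path(tmp, "Documents"), Path(tmp, "Desktop")
        docs.mkdir(); desk.mkdir()
        for p in (docs / "cmVwb3J0LmRvY3g=.crypt000", docs / "budget.xlsx.crypt000",
                  docs / "notes.txt", desk / NOTE_NAME):
            p.write_bytes(b"constructed sample")
        findings, per_dir = scan(tmp)
        return sorted(kind for kind, _ in findings), sum(per_dir.values())

if __name__ == "__main__":
    found, counts = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, path in found:
        print(f"{kind:18} {path}")
    for directory, n in counts.most_common():
        print(f"{n:6} affected file(s) in {directory}")
```

The per-directory counts give a restore list to compare against backup contents; a stem made only of letters and digits is classified as 'encrypted' even if it was not base64-renamed, so results are a starting point for review.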