Scarab-Crypto Ransomware
The Scarab-Crypto Ransomware is an encryption ransomware Trojan that belongs to the Scarab family of ransomware, a ransomware strain that has been around for at least a year, with several variants appearing in 2017. The Scarab-Crypto Ransomware and its variants are based on HiddenTear, an open source ransomware platform that has been responsible for numerous encryption ransomware variants since its initial release in 2015. The Scarab-Crypto Ransomware carries out a typical version of this tactic, encrypting victims' files to keep them hostage and then demanding the payment of a ransom in exchange for restoring access to the affected files.
How the Scarab-Crypto Ransomware Infects a Computer
The Scarab-Crypto Ransomware will be delivered to the victim's computer through corrupted spam email attachments, which typically take the form of a Microsoft Word documents with embedded macro scripts, which download and install the Scarab-Crypto Ransomware. Once installed, the Scarab-Crypto Ransomware will use the AES encryption to make the victim's files inaccessible. The Scarab-Crypto Ransomware scans drives on the affected PC, searching for user-generated files to encrypt while avoiding Windows system files in its attack. The Scarab-Crypto Ransomware will typically target the below types of files with its infections:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Scarab-Crypto Ransomware encrypts the victims' files and then delivers a ransom note, containing a message demanding that the victims pay a ransom in exchange for the decryption key or application. The victims are asked to communicate with the con artists via email to pay the Scarab-Crypto Ransomware ransom and receive the decryption key. The Scarab-Crypto Ransomware ransom note contains the following message:
'===
Warning read this carefully!!!!!!
===
All your files are encrypted
Your personal identifier
6A02000000000000***9EAD3E
Your documents, photos, databases, save games and other important data were encrypted.
Data recovery requires a decryptor.
To receive the decryptor, you should send an email to the email address: anticrypto@protonmail.com.
In the letter, indicate your personal identifier (see the beginning of this document).
Next, you pay the cost of the decryptor. In the reply letter you will receive the address
Bitcoin-purse, to which you need to transfer money.
If you do not have bitocoins you can buy Bitcoin:
https://localbitcoins.com/ru/buy_bitcoins(Visa/MasterCard, QIWI Visa Wallet ....)
Also you can use any convenient way for you to buy bitcoin
When the money transfer is confirmed, you will receive a file decryption for your computer.
After starting the decryption program, all your files will be restored.
Attention!
* Do not attempt to uninstall the program or run antivirus software
* Attempts to self-decrypt files will result in the loss of your data
* Decoders of other users are incompatible with your data, as each user unique encryption key
==='
Protecting Your Data from Threats Like the Scarab-Crypto Ransomware
The best protection from threats like the Scarab-Crypto Ransomware is to have file backups. Having backup copies of your files allows you to restore your files after an attack easily. Apart from file backups, PC security researchers also advise computer users to use a strong security program to protect their files from attacks like the Scarab-Crypto Ransomware in the first place. Since spam email is a common infection source, it is important to learn to handle this content safely.
