
Scarab-Danger Ransomware

By GoldSparrow in Ransomware

The Scarab-Danger Ransomware is an encryption ransomware Trojan that was first observed on June 15, 2018. It is one of the many new variants in the Scarab family of ransomware Trojans that have been released regularly since April 2018. PC security researchers suspect that the creators of the Scarab-Danger Ransomware are using a ransomware building kit or a Ransomware as a Service (RaaS) platform to keep creating new variants in this family. The main purpose of the Scarab-Danger Ransomware is to take the victim's files hostage by encrypting them and then to demand a ransom payment in exchange for the decryption key, which the infected users would need to restore the affected files.

The Danger Presented by a Scarab-Danger Ransomware Attack

The initial Scarab-Danger Ransomware infection frequently comes from a spam email message, often one that uses corrupted embedded macro scripts to download and install the Scarab-Danger Ransomware onto the victim's computer. Once installed, the Scarab-Danger Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. It marks the files encrypted by the attack with a new file extension, often made up of the contact email associated with the ransom payment. The extensions that malware researchers have observed in association with the Scarab-Danger Ransomware variants are:

.fastsupport@xmpp.jp
.fastrecovery@xmpp.jp

The Scarab-Danger Ransomware targets user-generated files. The following are examples of the file types that threats like the Scarab-Danger Ransomware may target in their attacks:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Scarab-Danger Ransomware's Ransom Payment

The Scarab-Danger Ransomware delivers a ransom note in the form of a text file. The text files associated with the Scarab-Danger Ransomware variants have been observed with the following names:

HOW TO RECOVER ENCRYPTED FILES-fastsupport@xmpp.jp.TXT
HOW TO RECOVER ENCRYPTED FILES-fastrecovery@xmpp.jp.TXT

The content of the ransom note in the text file dropped by the Scarab-Danger Ransomware reads:

'Danger: our contacts change every 3 days, do not hesitate, contact us immediately. Then we will not be available.
Attention: if you do not have money then you do not need to write to us!
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
=================================================
Jabber: fastsupport@xmpp[.]jp
If you do not have a jabber. To write to us to register: https://www.xmpp.jp
=================================================
Your files are encrypted!
Your personal identifier:
[random characters]
=================================================
To decrypt files, please contact us by jabber:
fastsupport@xmpp[.]jp
=================================================
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
Attention: if you do not have money then you do not need to write to us!
Danger: our contacts change every 3 days, do not hesitate, contact us immediately. Then we will not be available.'

PC security researchers counsel computer users to avoid following the instructions in the Scarab-Danger Ransomware ransom note. Computer users should instead recover the files compromised by the Scarab-Danger Ransomware by replacing them with backup copies, and then use a trustworthy, updated security program to scan the affected computer for any additional threats.
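To scope which directories need restoring from backup, the extensions and ransom note names listed above can be swept for across a file listing. The following is an added example, not code from the original article or from any security vendor; the function names and sample paths are hypothetical, and the sample assumes the marker extension is appended to the original file name.

```python
import os
from collections import defaultdict

# Indicators taken from this page (compared case-insensitively).
ENCRYPTED_SUFFIXES = (".fastsupport@xmpp.jp", ".fastrecovery@xmpp.jp")
NOTE_NAMES = {
    "how to recover encrypted files-fastsupport@xmpp.jp.txt",
    "how to recover encrypted files-fastrecovery@xmpp.jp.txt",
}

def classify(filename):
    """Return 'note', 'encrypted' or None for a bare file name."""
    name = filename.lower()
    if name in NOTE_NAMES:
        return "note"
    if name.endswith(ENCRYPTED_SUFFIXES):
        return "encrypted"
    return None

def triage(paths):
    """Group indicator hits by directory: {dir: {'note': [...], 'encrypted': [...]}}."""
    report = defaultdict(lambda: {"note": [], "encrypted": []})
    for path in paths:
        # Normalise Windows separators so a listing exported from an affected host parses anywhere.
        directory, _, filename = path.replace("\\", "/").rpartition("/")
        kind = classify(filename)
        if kind:
            report[directory][kind].append(filename)
    return dict(report)

def walk(root):
    """Yield every file path under root (a mounted image or a live volume)."""
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            yield os.path.join(dirpath, f)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\alice\Documents\budget.xlsx.fastsupport@xmpp.jp",
    r"C:\Users\alice\Documents\HOW TO RECOVER ENCRYPTED FILES-fastsupport@xmpp.jp.TXT",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Pictures\cat.jpg.FASTRECOVERY@XMPP.JP",
]

if __name__ == "__main__":
    for directory, hits in sorted(triage(SAMPLE).items()):
        print(f"{directory}: {len(hits['encrypted'])} encrypted, {len(hits['note'])} note(s)")
```

Passing `walk(root)` to `triage` runs the same sweep over a mounted disk image or file share instead of the embedded sample.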
