Scarabey Ransomware

By GoldSparrow in Ransomware

The Scarabey Ransomware is an encryption ransomware Trojan that was first observed on December 2, 2017. Like most encryption ransomware Trojans, the Scarabey Ransomware is designed to demand a ransom from its victims, taking their files hostage by encrypting them with a strong encryption algorithm. The Scarabey Ransomware is a variant of the Scarab Ransomware, a generic encryption ransomware Trojan that was first observed in June 2017. The Scarabey Ransomware is delivered using spam email messages, which may infect computers running the Windows operating system, and seems to primarily target computer users in Russian-speaking locations. The Scarabey Ransomware is virtually identical to most encryption ransomware Trojans, both in its attack and delivery method, and computer users are advised to take precautions against this and other encryption ransomware threats.

How the Scarabey Ransomware Infects a Computer

The Scarabey Ransomware is designed to encrypt a wide variety of user-generated files, including texts, databases, videos, audio and images. The Scarabey Ransomware marks the files it encrypts by adding the file extension '.scarab' to the affected file's name. The Scarabey Ransomware will also delete the Windows Shadow Volume Copies of the affected files, which can often be used to recover lost files. Examples of the file types that may be targeted in ransomware attacks like the Scarabey Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Unfortunately, the Scarabey Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. This means that computer users will not be able to restore the affected files without the decryption key, which the attackers hold in their possession.

How the Cybercrooks Use the Scarabey Ransomware to Profit

Ransomware Trojans like the Scarabey Ransomware are used to make money by extorting the victims of their attacks. After encrypting the victim's files, the Scarabey Ransomware delivers a ransom note in the form of a text file named 'Инструкция по расшифровке.txt' on the infected computer. This file name translates as 'Decryption instructions.txt'. The ransom note alerts the victim of the attack and demands that the victim contact the cybercrooks at their email address to receive further instructions about payment. The text of the Scarabey Ransomware's ransom note, translated into English, reads:

'Good afternoon. Your computer has been infected with Scarabey. All data is encrypted with a unique key, which is available only to us.
Without the unique key - files can not be restored.
24 files are deleted every 24 hours. (we have copies of them)
If you do not run the decryption program within 72 hours, all the files on the computer are completely deleted, without the possibility of recovery.
Read carefully how to recover all encrypted data.
Scarabey'

PC security researchers have observed similar attacks demanding ransoms ranging from 500 to 2500 USD, although it is possible that the Scarabey Ransomware's ransom is more substantial. No matter the amount of the ransom demanded by the people behind the Scarabey Ransomware, computer users should ignore it. Instead, they can use an up-to-date security program to remove the Scarabey Ransomware itself and restore the files affected by the attack from a backup copy.
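
To plan the restore from backup, the two file-system markers described above (the '.scarab' extension and the ransom note's file name) can be turned into a list of affected folders and original file names. The following is an added example, not code from the article or from any security product; the function names and the sample tree are constructed for illustration, and it assumes the marker extension is appended to the complete original file name.

```python
import os
import tempfile
import unicodedata
from pathlib import Path

SUFFIX = ".scarab"                            # marker extension named in the article
NOTE_NAME = "Инструкция по расшифровке.txt"   # ransom note name named in the article

def _norm(name):
    # Compare names independent of Unicode composition form and letter case.
    return unicodedata.normalize("NFC", name).casefold()

def triage(root):
    """Return ({relative dir: original names to restore}, [dirs holding the note])."""
    manifest, note_dirs = {}, []
    for dirpath, _subdirs, files in os.walk(root):
        rel = Path(dirpath).relative_to(root).as_posix()
        for name in files:
            if _norm(name) == _norm(NOTE_NAME):
                note_dirs.append(rel)
            elif name.lower().endswith(SUFFIX) and len(name) > len(SUFFIX):
                # Assumption: the marker is appended to the full original name.
                manifest.setdefault(rel, []).append(name[: -len(SUFFIX)])
    return {d: sorted(n) for d, n in manifest.items()}, sorted(note_dirs)

def build_sample_tree(base):
    """Create constructed, empty sample files; none of this is real malware output."""
    layout = {
        "docs": ["report.docx.scarab", "budget.XLSX.SCARAB", NOTE_NAME, "readme.md"],
        "photos/2017": ["img001.jpg.scarab"],
        "clean": ["notes.txt", "scarab_research.pdf"],
    }
    for folder, names in layout.items():
        target = Path(base, folder)
        target.mkdir(parents=True)
        for name in names:
            (target / name).touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        manifest, note_dirs = triage(tmp)
        print("ransom note found in:", note_dirs)
        for folder, names in manifest.items():
            print(folder, "->", names)
```

The scan only reads directory listings, so it can be pointed at a mounted copy of the affected disk rather than the live system.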