
Scarab-FastRecovery Ransomware

By GoldSparrow in Ransomware

The Scarab-FastRecovery Ransomware is a file encryption Trojan that was first observed in mid-June 2018. It is a variant in the Scarab family of ransomware. Malware analysts have observed a large number of Scarab variants released between April and June of 2018, which may be related to a RaaS (Ransomware as a Service) platform on the Dark Web. These types of services allow anyone to create custom ransomware variants, generally by paying a fee for the service and letting a third party handle ransom payments and management.

The Scarab-FastRecovery Ransomware Infection Method

The most common way of distributing the Scarab-FastRecovery Ransomware, as with many similar threats, is through spam email tactics. Corrupted websites and social engineering hoaxes are also ways to deliver threats like the Scarab-FastRecovery Ransomware. Corrupted macro scripts are used to download and install the Scarab-FastRecovery Ransomware onto the victim's computer. The Scarab-FastRecovery Ransomware will scan the victim's drives in search of user-generated files, which may include various media files as well as commonly used document formats. The Scarab-FastRecovery Ransomware may target the file types below in its attack:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zi.

The Scarab-FastRecovery Ransomware uses an encryption method that makes it easy to recognize the damaged files because the Scarab-FastRecovery Ransomware will add the file extension '.fastrecovery@airmail.cc' to each affected file's name. This file extension is also the contact email used by the criminals responsible for the Scarab-FastRecovery Ransomware so that victims can pay a ransom to recover the affected files.

The Scarab-FastRecovery Ransomware’s Ransom Note

The Scarab-FastRecovery Ransomware delivers a ransom notification in the form of a text file named 'HOW TO RECOVER ENCRYPTED FILES-fastrecovery@airmail.cc.TXT'. This file will be opened with the victim's default text editor and contains the following message:

'Attention: if you do not have money then you do not need to write to us!
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
===================
Your files are encrypted!
Your personal identifier:
[redacted hex]
===================
To decrypt files, please contact us by email:
fastrecovery@airmail.cc
===================
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
Attention: if you do not have money then you do not need to write to us!'

Contact with the criminals responsible for this attack is not recommended. It is very unlikely that they will help the victims recover the files after the ransom is paid, and paying these ransoms allows criminals to continue creating and distributing threats like the Scarab-FastRecovery Ransomware.
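
A triage sketch for the two indicators the article gives, the appended '.fastrecovery@airmail.cc' extension and the ransom note file name, for scoping which folders and data types were hit. It is an added example, not part of the original article; it assumes the original file name is kept in front of the appended extension, as the text describes, and the function and report field names are illustrative.

```python
import os
from collections import Counter

# Indicators taken from the article text above.
MARKER_EXT = ".fastrecovery@airmail.cc"
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES-fastrecovery@airmail.cc.TXT"


def classify(filename):
    """Return ('note', None), ('encrypted', original_name) or (None, None)."""
    lower = filename.lower()
    # The note's name contains the address but ends in .TXT: match it exactly.
    if lower == NOTE_NAME.lower():
        return "note", None
    # Require something in front of the marker so a bare marker is ignored.
    if lower.endswith(MARKER_EXT) and len(filename) > len(MARKER_EXT):
        return "encrypted", filename[: -len(MARKER_EXT)]
    return None, None


def scan(root):
    """Walk root and summarise where the article's indicators appear."""
    report = {"notes": [], "encrypted": [], "by_dir": Counter(), "by_type": Counter()}
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            kind, original = classify(name)
            path = os.path.join(dirpath, name)
            if kind == "note":
                report["notes"].append(path)
            elif kind == "encrypted":
                report["encrypted"].append(path)
                report["by_dir"][dirpath] += 1
                # Assumption: the name before the marker is the original one,
                # so its extension shows which data types were affected.
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["by_type"][ext] += 1
    return report


if __name__ == "__main__":
    import sys
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"ransom notes: {len(result['notes'])}, renamed files: {len(result['encrypted'])}")
    for directory, count in result["by_dir"].most_common(10):
        print(f"{count:6d}  {directory}")
    for ext, count in result["by_type"].most_common():
        print(f"{ext:10s} {count}")
```

The per-directory and per-type counts give a quick list of what needs to be restored from backup and where.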

Protecting Your Data from Threats Like the Scarab-FastRecovery Ransomware

The best protection from threats like the Scarab-FastRecovery Ransomware is to have backups of your files. When you have backup copies of your files, you can restore them easily after an attack, which makes you immune to the Scarab-FastRecovery Ransomware and similar threats. Apart from file backups, computer users should have a fully up-to-date security program installed and running, and should be cautious when dealing with spam email messages and other questionable online content.
