Scarab-FilesReturn247 Ransomware

The Scarab-FilesReturn247 Ransomware is an encryption ransomware Trojan that, like most of these threats, is designed to take victim's files hostage and then demand a ransom payment in exchange for restoring the affected files. The Scarab-FilesReturn247 Ransomware was first observed on July 11th, 2018. However, the Scarab family of ransomware first appeared in June, 2017. Between March and July of 2018, the number of variants in this family of ransomware Trojans has exploded, making it appear as if its code has been made available to criminals on the Dark Web widely, possibly as part of a ransomware builder kit or as a RaaS (Ransomware as a Service) platform.

How the Scarab-FilesReturn247 Ransomware Attack Works

The purpose of the Scarab-FilesReturn247 Ransomware attack is to make the victim's files inaccessible. To do this, the Scarab-FilesReturn247 Ransomware will encrypt the victim's files using the AES encryption. The Scarab-FilesReturn247 Ransomware also will remove alternate recovery methods from the victim's computer, such as the Shadow Volume Copies or the System Restore.The Scarab-FilesReturn247 Ransomware scans the victim's drives in search for the user-generated files and then it will encrypt them and add the file extension '[Filesreturn247@gmx.de].lock' to the file's name. The Scarab-FilesReturn247 Ransomware encrypts certain file types, which include a wide variety of media files that may encompass images, media files, documents, configuration files, archives, databases and many others. The following are examples of the files that threats like the Scarab-FilesReturn247 Ransomware will target in their attacks:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Scarab-FilesReturn247 Ransomware's Ransom Demand

The Scarab-FilesReturn247 Ransomware's purpose, like most encryption ransomware Trojans, is to extract a ransom payment from the victim. To do this, the Scarab-FilesReturn247 Ransomware delivers a ransom note. This ransom note presents itself as a text file named 'HOW TO RECOVER ENCRYPTED FILES.TXT,' which will be dropped on the infected computer's desktop. The Scarab-FilesReturn247 Ransomware ransom note contains the following message:

'Hi, friend...
🙂
For instructions on how to recovery the files, write to me:
Filesreturn247@gmx.de
Filesreturn247@protonmail.com
Filesreturn247@india.com

In the letter indicate, your personal ID (see the file format).
If you have not received an answer, write to me again.
Your personal ID
[random characters]'

The Scarab-FilesReturn247 Ransomware's ransom note has some instructions that are better not being followed since this is likely to expose the victim to additional infections. Instead, computer users should use a security application that is fully up-to-date to remove the Scarab-FilesReturn247 Ransomware infection itself. Once the infection has been removed, computer users can restore any files compromised by the attack by replacing them with the backup copies. This explains why the best protection against threats like the Scarab-FilesReturn247 Ransomware is to have file backups stored cloud services or on a safe external device that is not connected to the victim's computer.