Scarab-Leen Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 219 |
| First Seen: | June 19, 2018 |
| Last Seen: | March 23, 2019 |
| OS(es) Affected: | Windows |
The Scarab-Leen Ransomware Trojan is a variant in the Scarab family of ransomware. PC security researchers have come across numerous variants in this ransomware family, which may point to the release of a RaaS (Ransomware as a Service) platform on the Dark Web, which allows the criminals to create their customized versions of this threat. Numerous variants of the Scarab-Leen Ransomware had been released in the period between April and June 2018. Threats like the Scarab-Leen Ransomware are delivered to victims through corrupted spam email attachments or by using various online tactics, including corrupted websites and online advertisements.
Table of Contents
How will You Know that the Scarab-Leen Ransomware Has Entered Your Computer
The Scarab-Leen Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The Scarab-Leen Ransomware will mark the files encrypted by its attack with the file extension '.le,' which will be added to the end of each affected file's name. Once the Scarab-Leen Ransomware has encrypted a file, this file will become inaccessible. The Scarab-Leen Ransomware targets the user-generated files, which may include media files, databases, numerous document formats, configuration files, archives, and various other file types. The following are examples of the files that threats like the Scarab-Leen Ransomware will target in these attacks:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zi.
The Scarab-Leen Ransomware will not encrypt the Windows system files since the Scarab-Leen Ransomware needs the victim's operating system to remain operational so that it can collect a ransom amount from the victim.
The Scarab-Leen Ransomware is Used to Make Money
The Scarab-Leen Ransomware will damage the targeted files and deliver a ransom note in the form of a text file named 'INSTRUCTIONS FOR RESTORING FILES.TXT.' This file will be dropped on the infected computer's desktop and contains the following text:
'IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: mr.leen@protonmail[.]com
BEGIN PERSONAL IDENTIFIER
[RANDOM CHARACTERS]
END PERSONAL IDENTIFIER'
PC security researchers are very emphatic when they ask computer users to avoid contacting the criminals responsible for the Scarab-Leen Ransomware attack. Instead, PC users should take steps to ensure that their data is safe from threats like the Scarab-Leen Ransomware. The best way to achieve this is to have file backups stored on the cloud or removable memory devices. The availability of file backups means that the victims will not need to contact the criminals or attempt to pay the Scarab-Leen Ransomware ransom. Apart from file backups, computer users can protect their data by using a strong anti-malware program to prevent threats like the Scarab-Leen Ransomware from being installed in the first place. Since the Scarab-Leen Ransomware is typically delivered using spam email attachments, learning to recognize and deal with these tactics is also essential in preventing the Scarab-Leen Ransomware attacks.
SpyHunter Detects & Remove Scarab-Leen Ransomware
File System Details
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | helper.exe | eb4275b231e9425324bace0226da71c5 | 102 |
