Scarab-Oneway Ransomware

By GoldSparrow in Ransomware

The Scarab-Oneway Ransomware is an encryption ransomware Trojan that is part of the Scarab family of ransomware, a large encryption ransomware family that has been quite active in 2018. The Scarab-Oneway Ransomware was first spotted in July 2018, distributed through spam email attachments using embedded macro scripts to install the Scarab-Oneway Ransomware on the victim's computer.

How the Scarab-Oneway Ransomware Works

The Scarab-Oneway Ransomware, like most encryption ransomware Trojans, takes the victim's files hostage, using AES and RSA encryption together with base64 encoding to encrypt the victim's files and scramble their names. The Scarab-Oneway Ransomware targets user-generated files, which include media files, databases, numerous documents, and many other types of commonly used files. The file types that threats like the Scarab-Oneway Ransomware target in these attacks include:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

Files affected by the Scarab-Oneway Ransomware's attack are easy to recognize by the file extension '.oneway,' which it adds to each file's name.

The Scarab-Oneway Ransomware’s Ransom Demand

The Scarab-Oneway Ransomware demands a ransom payment, dropping a ransom note named 'Расшифровать файлы oneway.txt' (Decrypt files oneway.txt) onto the victim's computer. The following is a translation from Russian of the Scarab-Oneway Ransomware ransom note:

'Write to email - ibm15@horsefucker.org
============
YOUR FILES ARE CRYPTED!

Your personal identifier
[646 characters hex string]

Your documents, photos, databases and other important files have been encrypted.
Every 24 hours 24 files are deleted, you need to send your ID so that we disable this function.
Every 24 hours the cost of decrypting data is increased by 30% (after 72 hours the amount is fixed)
To decrypt the data:
Write to mail - ibm15@horsefucker.org

* In the letter, enter your personal identifier
* Attach 2 files up to 1 mb for test decryption.
we decipher them, as evidence that ONLY WE can decipher them.

-The faster you tell us your ID, the faster we turn off arbitrary deletion of files.
-Write to our email and receive further instructions on payment.
In the reply email, you will receive a program for decryption.
After starting the decryption program, all your files will be restored.

Attention!
* Do not attempt to uninstall the program or run antivirus software
* Attempts to self-decrypt files will result in the loss of your data
* Decoders of other users are incompatible with your data, as each user
has a unique encryption key
* Do not try to find a solution on the side, it's a 100% disruptive. Nobody except us can decipher.
============
If you can't connect via email
* Register on the site http://bitmsg.me (online delivery service Bitmessage)
* Send an email to the address BM-2cXv1tCz4mRNE52UyDZ7DWDdvfUf5ed6GB with your email and
personal identifier

Your personal identifier
[646 characters hex string]'

Dealing with the Scarab-Oneway Ransomware

Computer users must avoid paying the Scarab-Oneway Ransomware ransom or following the instructions in its ransom note. Instead, computer users should restore the affected files from backup copies stored in an external location. An up-to-date security application can be used to remove the Scarab-Oneway Ransomware Trojan itself.
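
A triage sketch built on the two indicators this article names, the '.oneway' extension and the ransom note file name, added here as an example and not part of the original article: it counts affected files per directory and reports the oldest modification time among them as a hint for choosing which backup to restore. The function names, sample tree and timestamps are constructed, and the script assumes the malware left file modification times intact.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".oneway"                    # extension named in this article
NOTE_NAME = "Расшифровать файлы oneway.txt"  # ransom note name from this article

def triage(root):
    """Walk root and summarise Scarab-Oneway artifacts per directory."""
    per_dir = defaultdict(lambda: {"encrypted": 0, "intact": 0, "note": False})
    earliest = None  # oldest mtime among encrypted files (assumes mtimes were not reset)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            entry = per_dir[dirpath]
            if name.casefold() == NOTE_NAME.casefold():
                entry["note"] = True
            elif name.casefold().endswith(ENCRYPTED_EXT):
                entry["encrypted"] += 1
                mtime = os.path.getmtime(os.path.join(dirpath, name))
                earliest = mtime if earliest is None else min(earliest, mtime)
            else:
                entry["intact"] += 1
    return dict(per_dir), earliest

def build_sample_tree(root):
    """Constructed sample data: two encrypted files, one note, one untouched file."""
    docs = os.path.join(root, "docs")
    os.makedirs(docs)
    samples = [("a1B2c3.oneway", 1_531_000_000), ("ZmlsZQ.ONEWAY", 1_531_000_600),
               (NOTE_NAME, 1_531_000_700), ("notes.md", 1_500_000_000)]
    for name, mtime in samples:
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))  # pin timestamps so the result is repeatable
    return docs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        summary, earliest = triage(tmp)
        for directory, counts in sorted(summary.items()):
            print(directory, counts)
        if earliest is not None:
            when = datetime.fromtimestamp(earliest, timezone.utc).isoformat()
            print("oldest encrypted file written at", when, "- restore from a backup older than this")
```

Point `triage()` at a mounted copy of the affected volume rather than the live system, so the scan does not alter timestamps or other evidence.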