Scarab Ransomware

Scarab Ransomware Description

The Scarab Ransomware is an encryption ransomware Trojan that was observed on June 13, 2017. The Scarab Ransomware is one of the many HiddenTear variants that are currently active. HiddenTear, an open source ransomware Trojan released in 2015, has spawned countless threat variants since its code was made available to amateur con artists looking to carry out these attacks. The most common way of distributing the Scarab Ransomware is by including it as a corrupted file attachment in spam email messages. The Scarab Ransomware can be identified easily because it marks the files it encrypts with the file extension '.scarab,' which is appended to the end of the affected file's name. There is little to differentiate the Scarab Ransomware from other ransomware Trojans, which encrypt the victim's files and then demand the payment of a ransom in exchange for the decryption key necessary to recover the affected files.

The Sacred Beetle Devoted to Ruin Files

In its infection process, the Scarab Ransomware will scan the victim's computer in search of certain file types and then encrypt them using a strong encryption algorithm. After encrypting the victim's files, the Scarab Ransomware will create a ransom note, which takes the form of a text file dropped on the infected computer's desktop and in the directories where the Scarab Ransomware encrypted content. During its attack, the Scarab Ransomware will also interfere with alternate recovery methods, deleting the Windows Restore points and the Shadow Volume Copies that could be used to restore the affected files to their former states. The text file used to deliver the Scarab Ransomware's ransom note is titled 'IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.TXT' and contains the following message:

'Your files are now encrypted!
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address:
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 5Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc)..
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
'Buy bitcoins', and select the seller by payment method and price:
* Also you can find other places to buy Bitcoins and beginners guide here:

How Can I Buy Bitcoins?

* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'

Dealing with the Scarab Ransomware Infection

The best way to deal with encryption ransomware threats like the Scarab Ransomware is to restore your files from a backup copy. PC users must refrain from paying the ransom the Scarab Ransomware demands. The people responsible for the Scarab Ransomware attack are just as likely to ignore your payment as they are to demand more money or attempt to re-infect your computer. Furthermore, paying the Scarab Ransomware ransom allows these people to continue creating these threats. Fortunately, having backups on an external memory device is so effective against ransomware Trojans like the Scarab Ransomware that if enough computer users do it, these attacks will disappear altogether, since these people would no longer have any leverage over their victims with which to demand a ransom payment.


Technical Information

File System Details

Scarab Ransomware creates the following file(s):
#  File Name            Size     MD5                               Detection Count
1  %APPDATA%\sevnz.exe  -        -                                 65
2  file.exe             350,208  6899003aaa63ab4397f9e32e0a1daf43  7
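
The indicators this page lists (the '.scarab' extension, the ransom note file name, and the entries in the file table above) can be swept for on a suspect volume or a mounted disk image. The following is an added example, not code from the original page; the function names and the reading of the Size column as bytes are assumptions, and the sample directory tree is constructed.

```python
import hashlib
import os
import tempfile

# Indicators copied from this page.
ENCRYPTED_SUFFIX = ".scarab"
RANSOM_NOTE = "IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.TXT"
DROPPED_NAMES = {"sevnz.exe"}                      # listed under %APPDATA%
KNOWN_MD5 = {"6899003aaa63ab4397f9e32e0a1daf43"}   # 'file.exe' in the table
KNOWN_SIZE = 350208  # assumption: the table's Size column is in bytes

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()  # MD5 only because that is the digest the page publishes
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root):
    """Walk root and group hits by indicator type.

    Only files of the published size are hashed, which keeps the walk cheap.
    """
    hits = {"encrypted": [], "notes": [], "binaries": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                hits["encrypted"].append(path)
            elif lower == RANSOM_NOTE.lower():
                hits["notes"].append(path)
            elif lower in DROPPED_NAMES:
                hits["binaries"].append(path)
            else:
                try:
                    if os.path.getsize(path) == KNOWN_SIZE and md5_of(path) in KNOWN_MD5:
                        hits["binaries"].append(path)
                except OSError:
                    continue  # locked or vanished file: skip it, keep scanning
    return hits

def demo():
    """Scan a constructed directory tree and return hits relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("report.docx.scarab", "photo.jpg", RANSOM_NOTE):
            with open(os.path.join(docs, name), "w") as fh:
                fh.write("constructed sample")
        return {k: [os.path.relpath(p, root) for p in v] for k, v in scan(root).items()}
```

A file name match on 'sevnz.exe' alone is a lead to investigate, not a verdict; the MD5 match is the stronger signal.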
