
Scarab-Rebus Ransomware

By GoldSparrow in Ransomware

The Scarab-Rebus Ransomware is one of several variants of the Scarab Ransomware that were released in April and May 2018. It was first observed on May 30, 2018. The high incidence of attacks involving Scarab clones may point to a RaaS (Ransomware as a Service) provider using this threat, or to the possibility that the code of the Scarab Ransomware has been made publicly available on the Dark Web. At least a dozen variants in this family have been observed in the span of only a few weeks. The Scarab-Rebus Ransomware, like most encryption ransomware Trojans, is distributed through corrupted spam email messages and is designed to take the victims' files hostage in exchange for a ransom payment.

Some of the Harmful Actions Performed by the Scarab-Rebus Ransomware

The Scarab-Rebus Ransomware, like other Scarab variants, uses AES-256 encryption to make the victim's files inaccessible. It targets user-generated files, searching for a wide variety of file types, including commonly used media files, documents, databases and numerous other types of content. The following are examples of the file types that the Scarab-Rebus Ransomware will target in its attack:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Windows system files, executable files, and other file types that the victim's operating system requires are absent from this list. This is because threats like the Scarab-Rebus Ransomware need the victim's operating system to remain functional in order to deliver a ransom note and for the victims to pay a ransom using their Web browser.

The Scarab-Rebus Ransomware’s Ransom Demand

The Scarab-Rebus Ransomware takes the victim's files hostage by encrypting them. Recognizing the files encrypted by the Scarab-Rebus Ransomware is simple, since it adds the file extension '.REBUS' to all files affected by the attack. The Scarab-Rebus Ransomware delivers a ransom note in the form of a text file named 'REBUS RECOVERY INFORMATION.TXT,' which contains the following message:

'REBUS
YOUR FILES ARE ENCRYPTED!
Your personal ID
[redacted hex]
Your documents, photos, databases, save games and other important data was encrypted.
Data recovery the necessary decryption tool. To get the decryption tool, should send an email to: rebushelp@airmail.cc or rebushelp@protonmail.com
If you dont get reply in 24 hours use jabber:
rebushelper@exploit.im
Letter must include Your personal ID (see the beginning of this document).
In the proof we have decryption tool, you can send us 1 file for test decryption.
Next, you need to pay for the decryption tool.
In response letter You will receive the address of Bitcoin wallet which you need to perform the transfer of funds.'
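
A triage sketch built from the two indicators named above (the '.REBUS' extension and the ransom-note file name), added here as an example and not part of the original article. It reports, per directory, how many files are encrypted versus untouched, plus the earliest modification time among encrypted files; treating that time as the approximate start of encryption is an assumption, and the function name `triage` is hypothetical.

```python
import os
import sys
from datetime import datetime, timezone

# Indicators stated in the article: appended extension and ransom-note file name.
ENCRYPTED_EXT = ".rebus"
NOTE_NAME = "rebus recovery information.txt"


def triage(root):
    """Walk `root` and summarise Scarab-Rebus artefacts.

    Returns a dict with:
      dirs       - {directory: [encrypted_count, untouched_count]}
      notes      - sorted list of ransom-note paths
      first_seen - earliest mtime (UTC) among '.REBUS' files, or None
    """
    dirs, notes, first = {}, [], None
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()  # compare case-insensitively, as Windows does
            if lowered == NOTE_NAME:
                notes.append(path)
                continue
            counts = dirs.setdefault(dirpath, [0, 0])
            if lowered.endswith(ENCRYPTED_EXT):
                counts[0] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or vanished; it is still counted
                # Assumption: mtime reflects when the file was encrypted.
                first = mtime if first is None else min(first, mtime)
            else:
                counts[1] += 1
    if first is not None:
        first = datetime.fromtimestamp(first, tz=timezone.utc)
    return {"dirs": dirs, "notes": sorted(notes), "first_seen": first}


if __name__ == "__main__":
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d, (enc, ok) in sorted(result["dirs"].items()):
        if enc:
            print(f"{enc:6d} encrypted  {ok:6d} untouched  {d}")
    for note in result["notes"]:
        print("ransom note:", note)
    print("earliest .REBUS mtime (UTC):", result["first_seen"])
```

Run it against a mounted copy of the affected volume; the earliest timestamp helps pick a backup that predates the encryption.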

Protecting Your Data from Attacks Like the Scarab-Rebus Ransomware

If your files haven't been compromised by a Scarab-Rebus Ransomware attack, you should make sure that your data stays safe. The best protection against threats like the Scarab-Rebus Ransomware is to have file backups stored on the cloud or on an external memory device. Apart from file backups, malware researchers advise computer users to use a security application that is fully up-to-date. Since the Scarab-Rebus Ransomware may be delivered using spam email attachments, it is also essential to learn how to handle this kind of email safely.
