Scarab-Recovery Ransomware

By GoldSparrow in Ransomware

The Scarab-Recovery Ransomware is an encryption ransomware Trojan that was first observed on July 9, 2018. It belongs to a large family of ransomware that has been quite active in the spring and summer of 2018. The reason for this activity may be the family's association with a RaaS (Ransomware as a Service) platform or its availability in a ransomware building kit. The Scarab-Recovery Ransomware does not differ from the many other Scarab variants: it encrypts the victim's files using an effective encryption algorithm and then demands a ransom payment from the victim in exchange for the decryption key needed to restore the files affected by the attack.

Only Backups Can Recover the Files Enciphered by the Scarab-Recovery Ransomware

The Scarab-Recovery Ransomware is typically delivered through a corrupted spam email attachment, often a Microsoft Office document with embedded macro scripts. It is also distributed to victims through unsafe, cracked shareware or freeware offered on shady websites. Once installed, the Scarab-Recovery Ransomware uses AES encryption to make the victim's files inaccessible and then demands a ransom payment. It marks the damaged files with the '.Recovery' file extension. The Scarab-Recovery Ransomware targets numerous user-generated files in its attack, which may include various types of documents, media files, databases, backup files, and numerous others. The following are examples of the files that are targeted by attacks like the Scarab-Recovery Ransomware's:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Scarab-Recovery Ransomware's ransom note is contained in a text file named 'HOW TO RECOVER FILES.TXT'. The text of the ransom note reads:

'All your files are encrypted!!!!!!
Your documents, photos databases, and other important data were encrypted.
Data recovery requires a decryptor.
To receive the decryptor, you should send an e-mail to the email address:
bd.recovery@aol.com or bd.recovery@india.com
Then you will receive further instructions'

This exact same ransom note has been associated with other variants in the Scarab family of ransomware.
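A triage sketch for scoping a restore, added here as an example (it is not code from this article or its author): it walks a directory tree for the '.Recovery' extension and the ransom note name quoted above, and treats a note on its own as weaker evidence because other Scarab variants share it. The case-insensitive matching, the verdict labels, and the sample file names are assumptions.

```python
import os
import tempfile
from collections import defaultdict
# Indicators quoted in the article above.
NOTE_NAME = "HOW TO RECOVER FILES.TXT"
MARKER_EXT = ".recovery"  # assumption: compared case-insensitively
CONTACTS = ("bd.recovery@aol.com", "bd.recovery@india.com")

def note_has_contact(path):
    """True if the note text contains one of the quoted contact addresses."""
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read(65536).lower()
    except OSError:
        return False
    return any(addr in text for addr in CONTACTS)

def triage(root):
    """Walk root and count indicator hits per directory."""
    report = defaultdict(lambda: {"marked": 0, "note": False, "contact": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper() == NOTE_NAME:
                full = os.path.join(dirpath, name)
                report[dirpath].update(note=True, contact=note_has_contact(full))
            elif name.lower().endswith(MARKER_EXT):
                report[dirpath]["marked"] += 1
    return dict(report)

def verdict(entry):
    """The note is shared across Scarab variants; the extension is specific."""
    if entry["marked"] and entry["note"]:
        return "scarab-recovery"
    return "marked-files-only" if entry["marked"] else "scarab-family-note-only"

def make_sample(root):
    """Constructed sample tree (hypothetical file names) for an offline run."""
    layout = {"docs": ["report.docx.Recovery", "budget.xlsx.Recovery", "todo.txt"], "pics": []}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()
        with open(os.path.join(root, sub, NOTE_NAME), "w") as fh:
            fh.write("send an e-mail to: bd.recovery@india.com")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        for path, entry in sorted(triage(tmp).items()):
            print(path, entry, verdict(entry))
```

The per-directory counts give a list of locations to restore from backup; the scan only reads file names and note text and changes nothing on disk.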

Dealing with the Scarab-Recovery Ransomware Trojan

With threats like the Scarab-Recovery Ransomware, it is important to take precautions in advance. The best precaution against these infections is to keep file backups in a location that is inaccessible to the threat, such as the cloud or an external memory device. Computer users can remove the Scarab-Recovery Ransomware with a reputable security program and then, if file backups exist, restore the encrypted files from those backup copies. Since the Scarab-Recovery Ransomware is delivered using corrupted spam email attachments and bogus file downloads, learning to recognize these tactics online is also an essential part of preventing a Scarab-Recovery Ransomware attack.
