Scarab-XTBL Ransomware

By GoldSparrow in Ransomware

The Scarab-XTBL Ransomware is an encryption ransomware Trojan that belongs to the Amnesia Ransomware family. It is a variant of the Scarab Ransomware, a variant in the Amnesia family that was first observed in June of 2017. Several versions of this specific strain have been released in quick succession, possibly as a way to help this and similar threats avoid detection. There is very little to differentiate the Scarab-XTBL Ransomware from the numerous other ransomware Trojans currently being used to infect and extort computer users. Like many other threats of this type, the Scarab-XTBL Ransomware is delivered to victims through spam email messages and by deceiving computer users. Once installed, it takes the victim's files hostage through the use of an encryption algorithm and then demands a ransom payment in exchange for a decryption key, which is the only way to restore the affected files.

What the Scarab-XTBL Ransomware will Do with Your Files

The Scarab-XTBL Ransomware is delivered to victims through corrupted Microsoft Word files containing embedded macro scripts, which are attached to spam email messages. It uses AES encryption to make the victim's files inaccessible. Files encrypted by the Scarab-XTBL Ransomware can be identified by the '.xtbl' extension, which is added to the affected file's name. The Scarab-XTBL Ransomware encrypts user-generated files, which may include several file types. File types that are typically encrypted in a Scarab-XTBL Ransomware attack include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The Scarab-XTBL Ransomware’s Ransom Note

The Scarab-XTBL Ransomware will often run as 'Win98.exe' or 'systems.exe' on the affected computers in an attempt to hide its presence. It delivers its ransom note in the form of a text file named 'IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.txt', which is dropped on the infected computer's desktop. This text file contains the following message:

'IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS
email - joxel@cock.li
Your files are now encrypted!
BEGIN PERSONAL IDENTIFIER
[RANDOM CHARACTERS]
END PERSONAL IDENTIFIER
All your files have been encrypted due to a security problem with your PC. Now you should send us email with your personal identifier. This email will be as confirmation you are ready to pay for decryption key. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: joxel@cock.li'

However, following the instructions contained in the Scarab-XTBL Ransomware ransom note or agreeing to pay the demanded ransom is not a wise decision. Instead, infected users should restore the affected files from a backup copy.
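Before restoring, it helps to know which folders and file types were hit. The Python sketch below is an added example, not part of the original article: it searches a directory tree for the indicators described above (the '.xtbl' extension, the ransom note's file name and its personal identifier block). It assumes the extension is appended after the original one, and the sample tree and identifier are constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the description above.
ENCRYPTED_EXT = ".xtbl"
NOTE_NAME = "IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.txt"
ID_BLOCK = re.compile(
    r"BEGIN PERSONAL IDENTIFIER\s*(.*?)\s*END PERSONAL IDENTIFIER", re.S)


def triage(root):
    """Walk root and summarise Scarab-XTBL artifacts for restore planning."""
    report = {"encrypted": [], "notes": [], "identifiers": set(),
              "original_types": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                # Assumption: the marker is appended, so the previous
                # suffix is the original file type (report.docx.xtbl).
                original = os.path.splitext(name[:-len(ENCRYPTED_EXT)])[1]
                report["original_types"][original.lower() or "(none)"] += 1
            elif name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                with open(path, errors="replace") as fh:
                    match = ID_BLOCK.search(fh.read())
                if match:
                    report["identifiers"].add(match.group(1))
    return report


def build_sample(root):
    """Create a constructed sample tree (no real malware artifacts)."""
    os.makedirs(os.path.join(root, "Documents"))
    os.makedirs(os.path.join(root, "Desktop"))
    for name in ("budget.xlsx.xtbl", "thesis.docx.xtbl", "notes.txt"):
        open(os.path.join(root, "Documents", name), "wb").close()
    with open(os.path.join(root, "Desktop", NOTE_NAME), "w") as fh:
        fh.write("Your files are now encrypted!\nBEGIN PERSONAL IDENTIFIER\n"
                 "CONSTRUCTED-SAMPLE-ID\nEND PERSONAL IDENTIFIER\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        print(len(result["encrypted"]), "encrypted;", dict(result["original_types"]))
        print("notes:", result["notes"], "ids:", result["identifiers"])
```

Run `triage()` against a mounted copy or image of the affected drive rather than the live system, and compare the list of encrypted paths with what the backup contains.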

Protecting Your Data from the Scarab-XTBL Ransomware

The best protection against threats like the Scarab-XTBL Ransomware is to have file backups on detached, portable hard drives and cloud storage networks with protected logins. Having file backups allows computer users to restore their files without having to negotiate with the con artists to recover some crucial lost data. File backups, combined with a good security program, can help halt most ransomware Trojan infections.