Scorpio Ransomware
The Scorpio Ransomware is a variant of the Scarab Ransomware, which was observed in June 2017. The Scorpio Ransomware carries out a typical encryption ransomware Trojan. The Scorpio Ransomware receives its name because it will mark the encrypted files with the file extension '.[Help-Mails@Ya.Ru].Scorpio,' which is added to the end of each encrypted file. The Scorpio Ransomware was observed for the first time on July 12, 2017. When compared to Scarab, there are very few variations between both ransomware Trojans. They even use the same ransom note in the attack. They also seem to be connected through the use of an insect theme, with the possibility of other ransomware Trojans with similar names popping up eventually.
Table of Contents
The Sting of this Scorpio will Affect Your Files Badly
The Scorpio Ransomware uses the AES 256 encryption to make the victim's files inaccessible. The Scorpio Ransomware will target the user-generated files, searching for files with certain file extensions corresponding to the most commonly used file types. To prevent victims from obtaining the decryption key, this key is itself encrypted using the RSA 2048 encryption. This double encryption method, which is standard for many ransomware Trojans, is what makes these threats extremely difficult to deal with. The Scorpio Ransomware establishes a connection with its Command and Control server, receiving instructions and relaying information about the encrypted files and the affected computer.
The Scorpio Ransomware Takes over the Victim’s Files, Then Demands a Ransom Payment
As mentioned before, the Scorpio Ransomware will mark the files encrypted by the attack adding a specific extension to the end of each file's name. The Scorpio Ransomware also will encrypt the affected files' names, replacing them with what appears to be a string of random characters. The Scorpio Ransomware's ransom note is contained in a text file with the following name: 'IF_YOU_WANT_TO_GET_ALL_YOUR_FILES_BACK_PLEASE_READ_THIS.TXT.' The full text of the Scorpio Ransomware ransom note reads:
'*** IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS ***
Your files are now encrypted!
—–BEGIN PERSONAL IDENTIFIER—–
**************************************
—–END PERSONAL IDENTIFIER—–
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: qa458@yandex.ru
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 5Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click
‘Buy bitcoins', and select the seller by payment method and price:
hxxps://localbitcoins.com/buy_bitcoins
* Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins
Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
Dealing with the Scorpio Ransomware Infection
Unfortunately, the files affected by the Scorpio Ransomware attack are not recoverable without the decryption key. This is why it is so necessary to have backup copies of your files on an external memory device or the cloud. Having backup copies ensures that computer users can recover after an attack, replacing the affected files with the backup copies after removing the Scorpio Ransomware infection itself with the help of a reliable, fully updated anti-malware application.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.