Scrabber Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 7
First Seen: October 17, 2018
Last Seen: July 23, 2019
OS(es) Affected: Windows
The Scrabber Ransomware is an encryption ransomware Trojan based on HiddenTear, an open-source ransomware platform that has been the basis for countless variants of these threats. The Scrabber Ransomware is commonly delivered to victims via spam email attachments. It is designed to take the victim's data hostage and demand a ransom payment in exchange for restoring access to the data it made inaccessible.
How You Will Know That the Scrabber Ransomware Is on Your Machine
There is very little to differentiate the Scrabber Ransomware from the many other encryption ransomware Trojans in circulation, particularly the many variants of HiddenTear. Like those similar threats, the Scrabber Ransomware uses AES encryption to encrypt the victim's files, targeting user-generated files such as those with the following extensions:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
Each file the Scrabber Ransomware encrypts is marked with the file extension '.junked', which is added to the file's name.
The Scrabber Ransomware's Ransom Demand
The Scrabber Ransomware delivers a ransom note in a text file named 'ПРОЧИТАЙ БЛЯТ!.txt' ('READ DAMN IT!.txt'), which is dropped on the infected computer's desktop. The Scrabber Ransomware also changes the infected computer's desktop image. This ransom note contains the following text, written both in Russian and in English:
'All your files are encrypted in a secure AE5-256 encryption algorithm and now have a level of over-secrecy. Do not rush to close this the window because you won't see it again. Follow the instructions below, but do not rush because we have to tell two simple things:
1. we do not mosheniki not liars, we are behind You and will help with rasshifrovka Your precious files
2. Encryption is a reversible cryptographic action that changes the encoding of the file on its own (this is visible in here the characters but we the first paragraph will help you with deciphering) we operate on the principle: Encrypted and we give you the files for free, we do not need bitcoins received by exchange or long work with your mining.
Contact us at mail: decriptscrabber@mail.ru
If our main mail is blocked because of a complaint, we advise you to contact by mail: trinskertak.ru. Again, we repeat: do NOT CLOSE this window because YOU NO LONGER WILL SEE IT WHEN YOU REBOOT.
A successful decryption, oh yeah we forgot! To obtain the key, send the PC and user name to us, received enter the password and click on decryption.
To find out the list of encrypted files click on the button: -Encrypted files" Now successful accurately decoding!'
The Scrabber Ransomware also delivers a pop-up window with the following text:
'Scrabber Ransomware
Your documents, fotos, databases and etc.
has been encrypted.
please contact to post address:
trinskert@bk.ru'
PC security analysts strongly advise computer users not to pay the Scrabber Ransomware ransom or negotiate with the criminals responsible for the Scrabber Ransomware attack.
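The two file-system indicators described above, the '.junked' extension and the ransom note file name, are enough to scope an incident before restoring from backup. The following is an added example, not part of the original write-up or any vendor tool: the function names and the sample directory tree are constructed for illustration, and only the extension and the note name come from this page.

```python
import os
import unicodedata
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".junked"             # marker extension named on this page
RANSOM_NOTE_NAME = "ПРОЧИТАЙ БЛЯТ!.txt"   # ransom note file name named on this page


def _norm(name):
    # NFC + casefold so the Cyrillic name matches however the filesystem stores it.
    return unicodedata.normalize("NFC", name).casefold()


def triage(root):
    """Inventory Scrabber indicators under root without opening any file."""
    report = {"encrypted": [], "notes": [], "by_ext": Counter(), "dirs": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if _norm(name) == _norm(RANSOM_NOTE_NAME):
                report["notes"].append(path)
            elif _norm(name).endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]   # name before the rename
                report["encrypted"].append((path, original))
                report["by_ext"][Path(original).suffix.lower() or "(none)"] += 1
                report["dirs"][dirpath] += 1                # where to restore first
    return report


def make_sample_tree(root):
    """Constructed sample data: empty files named the way the page describes."""
    names = ["Desktop/" + RANSOM_NOTE_NAME, "Desktop/notes.txt.junked",
             "Documents/budget.xlsx.junked", "Documents/plan.DOCX.JUNKED",
             "Documents/untouched.pdf", "Pictures/cat.jpg.junked"]
    for rel in names:
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        result = triage(tmp)
        print("ransom notes:", [str(p) for p in result["notes"]])
        print("encrypted files:", len(result["encrypted"]))
        print("by original extension:", dict(result["by_ext"]))
```

Point `triage()` at a mounted copy or image of the affected profile rather than the live system where possible, and use the per-directory counts to decide which backups to restore first.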