Ransomware

By GoldSparrow in Ransomware

The Ransomware is one of the many variants in the Scarab family. PC security researchers have uncovered numerous variants in this ransomware family, released starting in April 2018. The Ransomware emerged in June 2018 and is nearly identical to the numerous other Scarab variants. The large number of Scarab variants being released almost every day has led PC security researchers to suspect that a Ransomware as a Service (RaaS) platform using this code has been released, allowing anyone to create variants of the Scarab family by paying its controllers an amount on the Dark Web and then filling out some kind of form so that the copy follows specific custom parameters. Because of the increasing number of these threats, it is more important than ever that computer users keep backup copies of their data in the cloud or on an external, protected memory device.

How the Ransomware Attack Affects Your Files

The main target of the Ransomware attack, like that of the many other ransomware Trojans currently active, is the user-generated content on the victim's computer, which may include various media files and commonly used documents. The Ransomware is commonly delivered to the victim through spam emails, usually as a file attachment in the form of a DOCX or DOC file with corrupted embedded macro scripts that download and install the Ransomware onto the victim's computer. Once delivered, the Ransomware makes the victim's files inaccessible by encrypting them with a strong encryption algorithm. The following are examples of the file types that are commonly targeted in attacks like the Ransomware:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Once the Ransomware corrupts a file, it will appear with a blank icon in Windows Explorer and will no longer be accessible. The Ransomware marks the files encrypted by the attack by adding the file extension '' to the end of each affected file's name.
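The two artifacts described above, user documents that have gained an appended extension and a text file named 'Recover', are what a responder looks for first when triaging a suspected Scarab-family infection. The following Python script is an added example and is not code from the original page; it scans a file listing, flags files whose original extension (drawn from the list above) is followed by an appended extension, detects the ransom note, and raises an alert once enough files are affected. Because the page does not give the extension this variant appends, the script takes it as a parameter with the placeholder value `.example`, and it can also run in a generic mode that flags any targeted document carrying an unrecognised trailing extension. The file listing is constructed sample data.

```python
"""Triage helper for an appended-extension ransomware run (added example)."""
from collections import Counter
from pathlib import PureWindowsPath
from typing import Iterable, Optional

# Subset of the extensions the write-up lists as commonly targeted.
TARGETED_EXTENSIONS = frozenset({
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt", ".rtf",
    ".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".avi", ".zip", ".rar",
    ".sql", ".db", ".csv", ".py", ".c", ".cpp", ".java",
})

# Placeholder: the page does not state the extension this variant appends.
VARIANT_EXTENSION = ".example"

# The write-up says the note is a text file named 'Recover'; we accept the
# bare name or a .txt suffix, case-insensitively (assumption).
RANSOM_NOTE_STEM = "recover"

# Trailing suffixes that legitimately follow a document extension and must
# not be mistaken for an appended ransomware extension in generic mode.
BENIGN_TRAILING = frozenset({".bak", ".gz", ".bz2", ".xz", ".tmp", ".old"})


def classify_path(path: str, appended_ext: Optional[str] = None) -> str:
    """Return 'ransom_note', 'encrypted' or 'normal' for one file path.

    With appended_ext set, a file counts as encrypted only when its name ends
    in that extension and the extension before it is a targeted type. With
    appended_ext None (extension not yet known), any targeted document that
    has gained an unrecognised trailing extension is flagged instead.
    """
    p = PureWindowsPath(path)
    if p.stem.lower() == RANSOM_NOTE_STEM and p.suffix.lower() in ("", ".txt"):
        return "ransom_note"
    suffixes = [s.lower() for s in p.suffixes]
    if len(suffixes) < 2 or suffixes[-2] not in TARGETED_EXTENSIONS:
        return "normal"
    trailing = suffixes[-1]
    if appended_ext is not None:
        return "encrypted" if trailing == appended_ext.lower() else "normal"
    if trailing in TARGETED_EXTENSIONS or trailing in BENIGN_TRAILING:
        return "normal"
    return "encrypted"


def triage(paths: Iterable[str], appended_ext: Optional[str] = None,
           threshold: int = 5) -> dict:
    """Summarise a listing and decide whether it looks like a ransomware run.

    An alert is raised when a ransom note is present or when at least
    `threshold` targeted files carry an appended extension.
    """
    counts: Counter = Counter()
    by_original: Counter = Counter()
    affected_dirs = set()
    for path in paths:
        verdict = classify_path(path, appended_ext)
        counts[verdict] += 1
        if verdict == "encrypted":
            original_ext = [s.lower() for s in PureWindowsPath(path).suffixes][-2]
            by_original[original_ext] += 1
            affected_dirs.add(str(PureWindowsPath(path).parent))
        elif verdict == "ransom_note":
            affected_dirs.add(str(PureWindowsPath(path).parent))
    encrypted, notes = counts["encrypted"], counts["ransom_note"]
    return {
        "encrypted": encrypted,
        "ransom_notes": notes,
        "by_original_extension": dict(by_original),
        "affected_dirs": sorted(affected_dirs),
        "alert": notes > 0 or encrypted >= threshold,
    }


# Constructed sample listing: five encrypted documents, one note, three
# ordinary files (a plain .tar.gz must not be flagged in generic mode).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.example",
    r"C:\Users\alice\Documents\thesis.docx.example",
    r"C:\Users\alice\Pictures\holiday.jpg.example",
    r"C:\Users\alice\Pictures\holiday2.jpg.example",
    r"C:\Users\alice\Music\track.mp3.example",
    r"C:\Users\alice\Documents\Recover.txt",
    r"C:\Users\alice\Documents\notes.txt",
    r"C:\Users\alice\Downloads\setup.exe",
    r"C:\Users\alice\Downloads\archive.tar.gz",
]

if __name__ == "__main__":
    for label, ext in (("known extension", VARIANT_EXTENSION), ("generic", None)):
        result = triage(SAMPLE_LISTING, ext)
        print(f"[{label}] encrypted={result['encrypted']} "
              f"notes={result['ransom_notes']} alert={result['alert']}")
        print("  affected:", ", ".join(result["affected_dirs"]))
```

In practice the listing would come from a directory walk or a file-server audit log; the by-original-extension breakdown is useful because a spike confined to document and media types, rather than across every file on disk, matches the targeting the write-up describes and helps separate a ransomware run from a bulk rename by a legitimate tool.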

The Ransomware's Ransom Note

The Ransomware delivers its ransom note in the form of a text file named 'Recover' that contains the following message:

'Attention: if you do not have money then you do not need to write to us!
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
Your files are encrypted!
Your personal identifier:
[redacted 644 hex]
To decrypt files, please contact us by email:
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
Attention: if you do not have money then you do not need to write to us!'

PC security researchers advise PC users to avoid contacting the criminals or following the instructions in the Ransomware's ransom note. The chances of the criminals helping victims recover their files are very small, and it is likelier that victims will set themselves up for additional attacks. Because of this, prevention is the best defense. Computer users should always keep file backups in the cloud or on an external memory device and use a reliable security program at all times.
