Firstly discovered in June 2017, the infamous Scarab Ransomware made its major comeback on 22^nd August 2019. This new found Scarab variant encrypts the targeted file extensions by employing highly-complex Encryption Algorithms – AES-256 & RSA-2048. It then appends the file names with .dom extension. Once the files are encrypted, it drops a ransom-demanding note, “How to decrypt files.txt” in every folder that contains Scarab files.

Numerous other versions that are spreading at an alarming rate around the world include Scarab-Recovery, Scarab-Turkish, Scarab-Barracuda & .anonimus.mr@yahoo.com. The victims are looking for ways to remove Scarab ransomware from their system & recover the encrypted files.

Let us take an insight into the threat behavior of Scarab & tips to protect your system against its attack.

The Ever-Evolving Threat to Cyber World – Ransomware

Ransomware has been a prominent threat to enterprises & individuals alike since the beginning of 21^st century. Ransomware-based malicious programs definitely represent the worst cyber threat that you can possibly encounter in the current scenario.

This crypto-viral extortion began to soar in popularity with the growth of crypto-currencies such as Bitcoin, Ethereum, Litecoin and Ripple. Digital currencies leverage encryption techniques to verify and secure transactions. This encouraged threat actors to make this problem reach epidemic proportions.

One such vicious malware designed to extort money from its victims is Scarab Ransomware. It was first discovered in June, 2017. Since the inception of this menace, amateur con artists have spawned myriad threat variants to swindle users.Following its discovery, multiple variants of this ransomware have appeared on the threat landscape.

Recent research revealed that over the last two years, malware attackers have received a whopping $25 million in ransoms.

Scarab Ransomware– Threat Behavior

Scarab Ransomware is designed to encrypt the victim’s files, making them irrevocable without payment.

1. The malicious code is written in Visual C compiled&is distributed via the Necurs botnet, one of the largest botnets in the world.
2. Scarab ransomware leverages AES encryption algorithm and adds Scarab extension to the names of infected files. This renders the encrypted files inaccessible.
3. Moreover, when the malicious script is executed it extracts CMD scripts & DLL files. Hence, shadow volume copies are deleted to avoid recovery of files through backup folders.
4. The script then ensures that no key processes are running, & kills them if they are found. Killing these processes renders some locked files free for encryption.
5. Following the encryption of the targeted files, a ransom note is dropped written in broken English. It appears that the ransom note is originally written Russian language &translated word-to-word in English without correcting grammar & English. This depicts that the authors of Scarab are likely Russian speakers.
6. The ransom note warns its victims to pay the specified ransom amount to restore the encrypted files. It further threatens them to hike up the amount in case the payment is delayed.

However, this is purely a scare tactic used to compel victims to send money quickly.

Paying the ransom does not guarantee that the encrypted files will be released. It only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, receiving decrypting keys does not ensure that the malware infection has been completely removed. Your system can again fall prey to this threat in the future.

What do I do to protect against Scarab Ransomware?

Malware can be devastating to an individual or organization. Its recovery can be a cumbersome process requiring specialized services of some esteemed data recovery specialist.

Hence, undertaking following preventive measures can protect your computer networks from this ransomware infection:

1. Employ a data backup and recovery plan for all critical information.
2. Keep your operating system and software up-to-date with the latest patches.
3. Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
4. Avoid enabling macros from email attachments. This will prevent the embedded code to execute the malware on the machine.
5. Do not click on unsolicited Web links in emails.

Hits: 199