Scarab-Coronavirus Ransomware Description
The Scarab-Coronavirus Ransomware is the latest offshoot of the large Scarab Ransomware family. The Scarab-Coronavirus Ransomware is run by the same hackers who operate the BOMBO Ransomware, another strain based on the Scarab Ransomware.
Once the Scarab-Coronavirus Ransomware is installed, it encrypts the user's files and instructs the victim to contact the ransomware operators. The hackers' goal is to extort money from the victim in exchange for a decryptor.
Distribution and Infection
The Scarab-Coronavirus Ransomware is a new strain of file-encrypting malware, and it's been used in relatively few campaigns. Reports from victims suggest, however, that it's distributed with the help of illicit cracking tools that let users use paid software products for free.
The interesting thing about the Scarab-Coronavirus Ransomware is that in addition to encrypting the files, dropping the ransom note in every folder, and changing the desktop background, it also disables Windows' Task Manager, which makes dealing with the threat much more difficult.
The encrypted files receive a '.coronavirus' extension and they become unreadable immediately. A text file called 'HOW TO RECOVER ENCRYPTED FILES.TXT' is dropped in each folder, and a new desktop background tells the victim to follow the instructions in it.
The ransom note once again tells the users what has happened and tries to assure them that unless they pay the ransom, they'll never get their files back. The ransom demand isn't stated in the note, and the victim is instead told to get in touch with the hackers either through the @decryptorbomber Telegram channel or via email at firstname.lastname@example.org.
The Scarab-Coronavirus Ransomware operators also offer the free decryption of up to 3 files to prove that once they receive the payment, they can unscramble the data. To ensure that victims will not get their important information without paying the ransom, however, there are certain rules. The files, which need to be less than 10MB in size, and the hackers say that they will not decrypt valuable databases, backups or large Excel spreadsheets.
Finally, the user is warned that renaming the files will not work, and anti-virus programs are unable to decrypt the information. Here's the ransom note in its entirety:
'YOUR FILES ARE ENCRYPTED!
Your personal identifier:
[A PERSONAL IDENTIFIER THAT IS UNIQUE TO EACH VICTIM]
Your documents, photos, databases, save games and other important data has been encrypted.
Data recovery requires a decoder.
decryption of files for money
contact us by telegram login @decryptorbomber
contact us by email@example.com
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
*files affected by viruses are not treated by antivirus software
Don't waste your time. Write to the hacker by contact.
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.'
The Scarab Ransomware family has been around for close to three years now, and as you can see, it's distributed by a number of different groups of hackers under different names and brands. Earlier versions of the Scarab Ransomware had a flaw in their encryption mechanism, and security experts were able to develop free decryptors that helped victims get their files back without paying the ransom. In June 2018, however, Scarab's developers introduced a new encryption mechanism that relies on both AES and RSA, which generates unique decryption keys for all victims.
Without access to these keys, security researchers can't create a free decryption tool for newer variants, and, unfortunately, this means that for the time being, victims of the Scarab-Coronavirus Ransomware who don't have a backup of their files have no way of recovering their data for free.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Scarab-Coronavirus Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.