The Scarab Ransomware family continues to expand and today threat researchers identified the next addition to the long list of file-encryption Trojans based on Scarab – the Scarab-FastRecovery Ransomware. This variant does not include any major changes and, just like the previous versions, it simply uses a different file extension to mark the encrypted files, as well as a dissimilar e-mail for contact.
The cybercriminals behind the Scarab-FastRecovery Ransomware rely on mass e-mail spam campaigns to distribute macro-laced documents that are meant to deploy and execute the payload of this file-locker. When the Scarab-FastRecovery Ransomware is started, it will not announce its presence immediately and, instead, it is likely to spend the next few minutes scanning the hard drive partitions and encrypting specific file formats. Some of the common targets of Scarab-based ransomware are documents, images, songs, videos, spreadsheets, presentations, and archives, but these threats also target a large number of other commonly used file formats.
When the Scarab-FastRecovery Ransomware completes the attack, it proceeds to drop a short ransom message whose purpose is to inform the victims that their data has been encrypted and its recovery is only possible with the use of a special decryptor that only the attackers can provide. Sadly, the last bit of the statement is true and there is no guaranteed way to unlock files taken hostage by the Scarab-FastRecovery Ransomware currently. However, this certainly does not point to seek assistance from the attackers, because there’s a significant risk that they might take your money without fulfilling their part of the deal. Furthermore, they have provided zero proof that they are in possession of a working file decryptor, so that’s another valid reason why you should not agree to pay them. The whole ransom message is found in the file ‘HOW TO RECOVER ENCRYPTED [email protected]’
Our advice is to ignore the instructions of the attackers and to run an up-to-date anti-virus scanner that will eradicate the Scarab-FastRecovery Ransomware’s files immediately. Sadly, the removal of the threat will not undo the damage that it was already able to cause, and you will need to preserve the encrypted files in case a free decryption tool becomes available in the future.