The Scarab-Tokog Ransomware is an iteration of the Scarab-Crypto Ransomware and, by extension, of the now infamous ScarabLocker Ransomware. While ScarabLocker has been around for nearly two years now, the Scarab-Tokog Ransomware, otherwise known as just “Tokog Ransomware,” popped up in mid-February 2019. Like its predecessor, the Scarab-Tokog Ransomware encrypts user data with strong AES encryption, then tries to extort Bitcoin from the victim in exchange for the return of the encrypted files.
The Scarab-Tokog Ransomware differs from the Scarab-Crypto Ransomware in that it adds the extension ‘.tokog’ to encrypted files. In many other regards, the Scarab-Tokog Ransomware is quite similar to other versions of ScarabLocker: it attacks a wide variety of files, such as MS Office files, OpenOffice files, PDF files, all manner of text files, databases, photos, music, video and image files, and some archives, among other things.
Like many sophisticated pieces of ransomware, the Scarab-Tokog Ransomware takes the extra step of deleting all the Shadow Volume copies on the infected device, which makes data recovery using this method impossible. The email addresses that the fraudsters responsible for the Scarab-Tokog Ransomware gave in the ransom note were, respectively, [email protected] and [email protected]; they are different from the ones used by the malware peddlers that ran ScarabLocker, who used [email protected].
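
The two behaviors described above (shadow copy deletion and files gaining the ‘.tokog’ extension) can be correlated per host in endpoint telemetry. The following is an added example, not code from this page or from any vendor: the event format, host names, and threshold are constructed, and the command patterns are commonly seen shadow-copy deletion commands assumed here because the page does not say which one the Scarab-Tokog Ransomware runs.

```python
import re
from collections import defaultdict

# Commands commonly used to delete Volume Shadow Copies or backup catalogs.
# Assumption: the page does not name the command Scarab-Tokog uses.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog",
    re.IGNORECASE,
)
EXTENSION = ".tokog"   # extension named on the page
RENAME_THRESHOLD = 3   # hypothetical value; tune against real telemetry

# Constructed sample events: (host, event_type, detail)
SAMPLE_EVENTS = [
    ("ws-01", "process", r"C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet"),
    ("ws-01", "file", r"C:\Users\a\Documents\report.docx.tokog"),
    ("ws-01", "file", r"C:\Users\a\Pictures\img001.jpg.TOKOG"),
    ("ws-01", "file", r"C:\Users\a\Music\song.mp3.tokog"),
    ("ws-02", "process", r"C:\Windows\System32\vssadmin.exe list shadows"),
    ("ws-02", "file", r"C:\Users\b\notes.txt"),
    ("ws-03", "file", r"C:\Users\c\one.pdf.tokog"),
]


def triage(events):
    """Return {host: verdict} by correlating process and file events."""
    shadow = defaultdict(bool)   # host ran a shadow-copy deletion command
    renamed = defaultdict(int)   # count of files ending in .tokog per host
    for host, kind, detail in events:
        if kind == "process" and SHADOW_DELETE.search(detail):
            shadow[host] = True
        elif kind == "file" and detail.lower().endswith(EXTENSION):
            renamed[host] += 1
    verdicts = {}
    for host in sorted({e[0] for e in events}):
        burst = renamed[host] >= RENAME_THRESHOLD
        if shadow[host] and burst:
            verdicts[host] = "high"      # both behaviors on one host
        elif shadow[host] or renamed[host]:
            verdicts[host] = "review"    # a single indicator alone
        else:
            verdicts[host] = "clean"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

Listing shadow copies (`vssadmin list shadows`) is routine administration and is deliberately not matched; only the deletion commands count toward a verdict.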