Very similar in its encryption module to ElmerGlue, GlobeImposter, and EncrypTIle, scarab ransomware also stealthy infiltrates into the computer. It appends every encrypted file name with the email address to get in contact with the operators for ransomware removal. Different outings of this cryptovirological strain suggest that the operators are asking for extortion money in between $500 to $1500 dollars in Bitcoin for ransomware removal. Some noteworthy features of scarab ransomware activities are discussed below.
Unusual Ransomware Note
The ransom note of scarab is quite different. The operators inform the affected users that their files have been encrypted due to some security issue with their PC. Usually, ransom notes inform don’t mention the reasons for the successful infiltrations of the cryptovirological script.
Operators Offer to Decrypt Three Files for Free
To guarantee the victims that they have the decryption key for ransomware removal, the operators of scarab offer the victims to mail them three files for free decryption. However, the files should meet certain criteria.
- No file should be more than 10 Mb in size
- Files should not contain any valuable data. For instance, the operators won’t decrypt a large spreadsheet for free
- The files to be decrypted for free should not be archived
It is a common practice among ransomware operators to offer free decryption of some files to prove their veracity.
Operators Guide the Victim to Get Bitcoin
Since they are asking for extortion money in Bitcoin, therefore they also provide the victims with a guide for how to get Bitcoin wallet. It is important to understand that Bitcoin has become the main currency of dealing for cybercriminal activities. Criminals prefer Bitcoin over fiat currencies to maintain their anonymity because it is hard to trace cryptocurrency transactions.
