Scarab-Ukrain Ransomware

Posted by Max Lehmann on May 20, 2019

What is Scarab-Ukrain Ransomware?

Scarab-Ukrain Ransomware is a malicious infection from the Scarab Ransomware family. There are multiple programs in this group, and they often target a specific user group. Judging from the name of this infection, we can assume that Scarab-Ukrain Ransomware targets users in Ukraine. However, you have to remember that malware doesn’t recognize national borders. It means that Scarab-Ukrain Ransomware could reach anyone out there, and you have to be ready to fight it. Scroll down to the bottom of this description for the manual removal instructions, and do not forget to get yourself a licensed antispyware tool that would help you with other malware removal.

Where does Scarab-Ukrain Ransomware come from?

As mentioned, this program is part of the Scarab Ransomware family. Also, further research shows that it is another version of the Scarab-Bomber Ransomware infection. Likewise, it should also spread in the most usual ways for a ransomware infection. What does that mean? It means that you have to be very careful about the files you receive every single day because ransomware programs usually spread via spam email attachments and unsafe Remote Desktop Protocol connections. It also means that it is possible to prevent Scarab-Ukrain Ransomware from entering the target system. You just need to be really careful about the files that reach you.

If you are not sure whether the file that reached you is safe or not, you can scan it with a security tool of your choice. It should become a habit because you probably receive lots of files on a daily basis, and you can never be sure whether all of them are malware-free.

What does Scarab-Ukrain Ransomware do?

As you can obviously tell, this ransomware infection encrypts personal files. Upon the installation, Scarab-Ukrain Ransomware scans the target system, searching for the types of files it can encrypt. This program cannot encrypt every single file on the computer because it still needs your system to function properly if it intends to receive the ransom payment. Therefore, it leaves the system and main program files intact, and it mostly affects personal files.

It is very likely that Scarab-Ukrain Ransomware attacks mostly corporate systems. Attacking corporate computer systems rather than individual computers is a lot more lucrative, especially if they target smaller businesses. Smaller businesses are more likely to purchase the decryption key because they have fewer funds to invest in cybersecurity, and thus, they are less likely that have all of their data backed up. Thus, for such legal entities, paying the ransom fee might be the only way to retrieve their data.

Scarab-Ukrain Ransomware informs the affected users about the ways they can “recover” their files via the ransom note. Here’s an extract from the said note (please note this is a translation from the Russian language):

YOUR FILES ARE ENCRYPTED!
Your personal ID
[ID]
Your documents, photos, databases, and other important data have been encrypted.
A data decryptor is required for data recovery.
To receive a decoder, you must send an email to cr64@keemail.me (cr64@mail.ee)
In the letter, specify your personal identifier (see at the beginning of this document).
Next, you need to pay the cost of the decoder. In the reply letter, you will receive the address of the Bitcoin wallet to which you need to transfer money and the amount of payment.

As you can see, Scarab-Ukrain Ransomware doesn’t specify the exact ransom amount, and it might even be decided individually. However, it is more than obvious that you should not contact these criminals. Paying the ransom would only encourage them to continue spreading these infections, and that is not how we fight them.

How do I remove Scarab-Ukrain Ransomware?

Deleting this infection isn’t too complicated, although it is always a good idea to scan your PC with a security tool that would offer deeper insights into your system’s status. Also, an automated antispyware tool would help you delete all the potential threats automatically.

Since Scarab-Ukrain Ransomware was released quite some time ago, you should be able to find a public decryption tool for this infection. Also, if you have all of your files backed up, you just need to remove the encrypted copies, and then transfer the healthy files back into your computer. Do not hesitate to address a professional if you need any help with ensuring your system’s security.

Manual Scarab-Ukrain Ransomware Removal

  1. Press Ctrl+Shift+Esc and the Task Manager will open.
  2. Open the Processes tab and highlight malicious processes.
  3. Click End Process and exit Task Manager.
  4. Delete unfamiliar files from Desktop.
  5. Go to the Downloads folder and remove the most recently downloaded files.
  6. Press Win+R and type %TEMP%. Click OK.
  7. Remove the most recent files.
  8. Press Win+R and type regedit. Click OK.
  9. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  10. On the right pane, right-click random-name values and select to delete them.
  11. Exit Registry Editor and scan your PC with SpyHunter. 100% FREE spyware scan and
    tested removal of Scarab-Ukrain Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *