Alempratoor

Scarab Ransomware Help Needed


Greetings;

I've been infected by ransomware that destroyed all my personal data. I've come here to get aid and provide all the necessary information.

My ransomware, as the RID specifies, is Scarab with ext (.rap), and email r[email protected].

I've spent the last week just trying to find a solution, opening 8 tabs, sending emails and contacting every possible person for aid.

I understand it's my responsibility from the beginning; however, I have nowhere to go.

So please help me in any way you can. If not, I think I'm gonna copy my files to an external drive until we find some decryption in the future.

Thank you.

sig.jpg.rap

HOW TO RECOVER ENCRYPTED FILES.TXT


Scarab

This ransomware may be decryptable under certain circumstances.

Please refer to the appropriate guide for more information.

Identified by

  • ransomnote_email: [email protected]
  • sample_extension: .rap
  • custom_rule: Encrypted size marker [0x00 - 0x08] 0x0440000000000000

cover_letter.docx.rap

HOW TO RECOVER ENCRYPTED FILES.TXT

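The indicators in the identification result above (extension, ransom note name, size marker) can be checked across a folder before files are copied to an external drive. This is an added example, not part of any post in this thread or any vendor's tool; it assumes the custom rule means the first eight bytes of an encrypted file are 04 40 00 00 00 00 00 00, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Indicators copied from the identification result in the thread.
SAMPLE_EXTENSION = ".rap"
NOTE_NAME = "HOW TO RECOVER ENCRYPTED FILES.TXT"
# Assumption: the marker occupies the first 8 bytes of an encrypted file.
SIZE_MARKER = bytes.fromhex("0440000000000000")


def has_size_marker(path):
    """Read-only check: does the file start with the 8-byte marker?"""
    with open(path, "rb") as fh:
        return fh.read(len(SIZE_MARKER)) == SIZE_MARKER


def triage(root):
    """Walk root and sort files by which indicators they match."""
    report = {"marker_match": [], "extension_only": [],
              "ransom_notes": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            if name.upper() == NOTE_NAME:
                report["ransom_notes"].append(str(path))
            elif path.suffix.lower() == SAMPLE_EXTENSION:
                try:
                    hit = has_size_marker(path)
                except OSError:
                    report["unreadable"].append(str(path))
                    continue
                key = "marker_match" if hit else "extension_only"
                report[key].append(str(path))
    return report


def build_constructed_sample(root):
    """Constructed sample files; none of this is real encrypted data."""
    root = Path(root)
    (root / "cover_letter.docx.rap").write_bytes(SIZE_MARKER + b"\x00" * 32)
    (root / "notes.rap").write_bytes(b"shares the extension only")
    (root / "empty.rap").write_bytes(b"")  # shorter than the marker
    (root / NOTE_NAME).write_text("constructed placeholder note")
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in triage(build_constructed_sample(tmp)).items():
            print(kind, [Path(p).name for p in paths])
```

Files that land in `extension_only` carry the `.rap` suffix without the marker, so they are worth separating from the `marker_match` set before submitting samples for analysis.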

Thank you for replying.

And no, I'm not connected to Emsisoft in any case, except that I contacted them to find a solution. I don't deny that they have a nice set of decryption tools that come in handy on many occasions.

And I contacted Dr.WEB for a decryption tool. It seems they can decipher the code if it's v.1, and you can know that by opening your encrypted file with Notepad and recognizing the set of numbers at the end to find out what type of cipher it is: v.1, v.2 or v.3.

v.2 and v.3 cannot be deciphered yet, although v.1 is possible.

I'm happy if you can assist me in any way.

Thank you for your time.


Thank you for your support. I contacted Dr.Web and they gave me instructions to follow to see if the ransomware can be decoded, and as you say I have to purchase their product along with the decryption for 150 Euro.
However, when I asked them for more details about the ransomware they said it's Trojan.Encoder.11464 version 2, while the R-ID identifies it as Scarab. Are they the same?

I thought that if I can identify the ransomware I can find a decryption easier for free. Do you have any information about that specific ransomware?

Thank you for your support.


I've hidden rubberswip's posts in this topic for now, as he's not someone we've authorized to give advice.

He is correct that Dr.Web can decrypt some cases of the Scarab ransomware. They do use their own system for naming ransomware, so they will rarely call things by the same names that everyone else does.

 

11 hours ago, Alempratoor said:

I thought that if I can identify the ransomware I can find a decryption easier for free. Do you have any information about that specific ransomware?

There's no free decrypter for Scarab (at least not yet).

The only write-ups on Scarab that I am aware of are about a year old; however, at least some of the data there is still valid:
https://www.bleepingcomputer.com/news/security/scarab-ransomware-pushed-via-massive-spam-campaign/
https://www.bleepingcomputer.com/news/security/scarabey-ransomware-a-scarab-version-targeting-enterprises/

BleepingComputer has a number of articles tagged with "scarab" that include information about newer variants; however, they are mostly weekly reviews of developments in ransomware and won't contain as much information:
https://www.bleepingcomputer.com/tag/scarab/
