Remove Scarab-Amnesia Ransomware - Restore .skype Files
THREAT REMOVAL

Remove Scarab-Amnesia Ransomware – Restore .skype Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Scarab-Amnesia (.skype) and other threats.
Threats such as Scarab-Amnesia (.skype) may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will aid you to remove Scarab-Amnesia ransomware fully. Follow the ransomware removal instructions provided at the end of the article.

Scarab-Amnesia is a cryptovirus that locks your files and asks money as a ransom to supposedly get your files recovered. According to some malware researchers, all files of a compromised computer get locked with the AES military grade encryption algorithm. The Scarab-Amnesia cryptovirus will encrypt your data and files, while placing the .skype extension to them. In addition, the Skype logo is used by the ransomware. Keep on reading the article and see how you could try to potentially recover some of your files.

Threat Summary

NameScarab-Amnesia (.skype)
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
SymptomsThe ransomware will encrypt your files with the AES encryption algorithm. All locked files will become unusable after encryption which will leave them with the .skype extension.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Scarab-Amnesia (.skype)

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Scarab-Amnesia (.skype).
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Scarab-Amnesia Ransomware – Infection

Scarab-Amnesia ransomware might spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the World Wide Web, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it – your computer system will become infected.

Below, you can see the payload file of the cryptovirus being detected by the VirusTotal service:

Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware located at the corresponding forum thread.

Scarab-Amnesia Ransomware – Overview

Scarab-Amnesia is a virus that encrypts your files and places an .txt file, with instructions inside. The extortionists want you to pay a ransom fee for the alleged restoration of your files. The ransom fee may vary in regard to the different victims. Scarab-Amnesia is allegedly a variant of the Scarab Ransomware Family.

The ransomware uses the following two emails for contacting the cybercriminals:

Scarab-Amnesia ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.

After encryption the Scarab-Amnesia virus shows a different ransom message depending on the preferred language of an infected computer system and has a specific note for Russian-speaking users. The ransom notes carry these names:

  • Как восстановить зашифрованные файлы.txt
  • HOW TO RECOVER ENCRYPTED FILES.TXT

You can see the contents of the .txt file, from the following screenshot given here:

The ransom note is written in the English language and states the following:

===========================================================================================

HOW TO DECRYPT YOUR FILES

====================================================================================

HOW TO DECRYPT YOUR FILES

Your personal ID
6A020000000000008FF6A8C61D915803008045B0296B3FFC69CE88FCF807B4CAC3DBA6B52E50AAB19D5964EB5DEF1D8B6C5050B937666AA98DCB48AB4946B75DE21EDDDCD78545BF5595DAD75598FA18976CEBA5F9762A2B647BA74B752231BDB578952E6D432AA760F177E8EA1658A0DDB71DBAA892E67B41B2665F12AC9DFA3B643DFDBB2632BAF95A7973E9543269FF6B5B137ACB7BBBEA2ED4CEF5678CAEE966E9E3879DC9CB24150F899E862041B927B0802834776461305B307C7C9B7B61750C938724061B4C6648A5E86DC786B9FC54B10C4A6B58F1CA64024C78DBDB8550FAC39B38C4A43A78FA40714C25542B2A9DD135A07C721F52E2A4AF4C9DC9D0532AEC7CF90E4730EDDBB82193ABEAD5180878CA0A56ABDB601CBE58C9B59CD5874DAAA1E1EA67789AABC03EB1D0080D50706269F401

Your files, documents, photo, databases and all the rest aren’t
They are ciphered by the most reliable enciphering.
It is impossible to restore files without our help.
You will try to restore files independent you will lose files

FOREVER.

——————————————————————————————-
You will be able to restore files so:

to contact us by e-mail: [email protected]
* report your ID and we will switch off any removal of files
(if don’t report your ID identifier, then each 24 hours will be
to be removed on 24 files. If report to ID-we will switch off it)
* you send your ID identifier and 2 files, up to 1 MB in size everyone.
We decipher them, as proof of a possibility of interpretation.
also you receive the instruction where and how many it is necessary to pay.

you pay and confirm payment.
after payment you receive the DECODER program. which you restore ALL YOUR FILES.

——————————————————————————————–
You have 72 hours on payment.
If you don’t manage to pay in 72 hours, then the price of interpretation increases twice.
The price increases twice each 72 hours.
To restore files, without loss, and on the minimum tariff, you have to pay within 72 hours.
Address for detailed instructions e-mail: [email protected]
* If you don’t waste time for attempts to decipher, then you will be able to restore all files in 1 hour.
* If you try to decipher – you can FOREVER lose your files.
* Decoders of other users are incompatible with your data as at each user unique key of enciphering

If it is impossible to communicate through mail
* Be registered on the website http://bitmsg.me (service online of sending Bitmessage)
* Write the letter to the address BM-2cVNaCJejHJpnyLrtXYGJVfVdviHfa1jpd with the indication of your mail and the personal identifier
and we will communicate.

——————————————————————————————–

If you have no bitcoins
* Create Bitcoin purse: https://blockchain.info
* Buy Bitcoin in the convenient way
https://localbitcoins.com/ru/buy_bitcoins (Visa/MasterCard)
https://www.buybitcoinworldwide.com/ (Visa/MasterCard)
https://en.wikipedia.org/wiki/Bitcoin (the instruction for beginners)

– It doesn’t make sense to complain of us and to arrange a hysterics.
– Complaints having blocked e-mail, you deprive a possibility of the others, to decipher the computers.
Other people at whom computers are also ciphered you deprive of the ONLY hope to decipher. FOREVER.
– Just contact with us, we will stipulate conditions of interpretation of files and available payment, in a friendly situation
====================================================================================

The note of the Scarab-Amnesia ransomware virus states that your files are encrypted. You are demanded to pay money to allegedly restore your files. However, you should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that. Adding to that, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal activities. That may even result to you getting your files encrypted once again.

Scarab-Amnesia Ransomware – Encryption Process

What is known for the encryption process of the Scarab-Amnesia ransomware is that every file that gets encrypted will become simply unusable. All encrypted files will receive the “.skype” extension appended to them. Some researchers argue whether the AES encryption algorithm is used for the file encryption.

The full list with the targeted extensions of files which are sought to get encrypted is currently unknown. However, if it becomes known, it will be posted here as an update to the article.

The files used most by users and which are probably encrypted are from the following categories:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

The Scarab-Amnesia cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

In case the above-stated command is executed that will make the effects of the encryption process more efficient. That is due to the fact that the command eliminates one of the prominent ways to restore your data. If a computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore some files back to their normal state.

Remove Scarab-Amnesia Ransomware and Restore .skype Files

If your computer system got infected with the Scarab-Amnesia ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by Scarab-Amnesia (.skype) and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Scarab-Amnesia (.skype).
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Scarab-Amnesia (.skype) follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Scarab-Amnesia (.skype) files and objects
2. Find files created by Scarab-Amnesia (.skype) on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by Scarab-Amnesia (.skype)
Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...