This article will help you remove Scarab-Amnesia ransomware fully. Follow the ransomware removal instructions provided at the end of the article.
Scarab-Amnesia is a cryptovirus that locks your files and demands money as a ransom, supposedly in exchange for getting your files recovered. According to some malware researchers, all files on a compromised computer get locked with the AES military grade encryption algorithm. The Scarab-Amnesia cryptovirus will encrypt your data and files and append the .skype extension to them. In addition, the Skype logo is used by the ransomware. Keep reading to see how you could try to potentially recover some of your files.
| Short Description | The ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them. |
| Symptoms | The ransomware will encrypt your files with the AES encryption algorithm. All locked files will become unusable after encryption which will leave them with the .skype extension. |
| Distribution Method | Spam Emails, Email Attachments |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive. |
Scarab-Amnesia Ransomware – Infection
Scarab-Amnesia ransomware might spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the World Wide Web, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it – your computer system will become infected.
Below, you can see the payload file of the cryptovirus being detected by the VirusTotal service:
Freeware found on the Web can be presented as helpful while also hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware located at the corresponding forum thread.
Scarab-Amnesia Ransomware – Overview
Scarab-Amnesia is a virus that encrypts your files and places a .txt file with instructions inside. The extortionists want you to pay a ransom fee for the alleged restoration of your files. The ransom fee may vary from victim to victim. Scarab-Amnesia is allegedly a variant of the Scarab Ransomware Family.
The ransomware uses the following two emails for contacting the cybercriminals:
Scarab-Amnesia ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.
After encryption the Scarab-Amnesia virus shows a different ransom message depending on the preferred language of an infected computer system and has a specific note for Russian-speaking users. The ransom notes carry these names:
- Как восстановить зашифрованные файлы.txt
- HOW TO RECOVER ENCRYPTED FILES.TXT
You can see the contents of the .txt file in the following screenshot:
The ransom note is written in the English language and states the following:
HOW TO DECRYPT YOUR FILES
HOW TO DECRYPT YOUR FILES
Your personal ID
Your files, documents, photo, databases and all the rest aren’t
They are ciphered by the most reliable enciphering.
It is impossible to restore files without our help.
You will try to restore files independent you will lose files
You will be able to restore files so:
to contact us by e-mail: WESTLAN@PROTONMAIL.CH
* report your ID and we will switch off any removal of files
(if don’t report your ID identifier, then each 24 hours will be
to be removed on 24 files. If report to ID-we will switch off it)
* you send your ID identifier and 2 files, up to 1 MB in size everyone.
We decipher them, as proof of a possibility of interpretation.
also you receive the instruction where and how many it is necessary to pay.
you pay and confirm payment.
after payment you receive the DECODER program. which you restore ALL YOUR FILES.
You have 72 hours on payment.
If you don’t manage to pay in 72 hours, then the price of interpretation increases twice.
The price increases twice each 72 hours.
To restore files, without loss, and on the minimum tariff, you have to pay within 72 hours.
Address for detailed instructions e-mail: firstname.lastname@example.org
* If you don’t waste time for attempts to decipher, then you will be able to restore all files in 1 hour.
* If you try to decipher – you can FOREVER lose your files.
* Decoders of other users are incompatible with your data as at each user unique key of enciphering
If it is impossible to communicate through mail
* Be registered on the website http://bitmsg.me (service online of sending Bitmessage)
* Write the letter to the address BM-2cVNaCJejHJpnyLrtXYGJVfVdviHfa1jpd with the indication of your mail and the personal identifier
and we will communicate.
If you have no bitcoins
* Create Bitcoin purse: https://blockchain.info
* Buy Bitcoin in the convenient way
https://en.wikipedia.org/wiki/Bitcoin (the instruction for beginners)
– It doesn’t make sense to complain of us and to arrange a hysterics.
– Complaints having blocked e-mail, you deprive a possibility of the others, to decipher the computers.
Other people at whom computers are also ciphered you deprive of the ONLY hope to decipher. FOREVER.
– Just contact with us, we will stipulate conditions of interpretation of files and available payment, in a friendly situation
The note of the Scarab-Amnesia ransomware virus states that your files are encrypted. It demands that you pay money to allegedly restore your files. However, you should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that. Adding to that, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal activities. That may even result in you getting your files encrypted once again.
Scarab-Amnesia Ransomware – Encryption Process
What is known about the encryption process of the Scarab-Amnesia ransomware is that every file that gets encrypted will become simply unusable. All encrypted files will receive the “.skype” extension appended to them. Some researchers argue whether the AES encryption algorithm is used for the file encryption.
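A read-only triage sketch built on the indicators this article names, the appended .skype extension and the two ransom-note file names. It is an added example, not a tool from the article or its authors; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata
from collections import Counter

# Indicators taken from the article: appended extension and ransom-note names.
ENCRYPTED_EXT = ".skype"
NOTE_NAMES = (
    "HOW TO RECOVER ENCRYPTED FILES.TXT",
    "Как восстановить зашифрованные файлы.txt",
)

def norm(name):
    # NFC + casefold: match despite case changes or decomposed Cyrillic letters.
    return unicodedata.normalize("NFC", name).casefold()

NOTE_KEYS = {norm(n) for n in NOTE_NAMES}

def triage(root):
    """Read-only walk of root: ransom notes found, .skype files per directory,
    and a tally of the original extensions hidden under the appended suffix."""
    notes, per_dir, orig_ext = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = norm(name)
            if key in NOTE_KEYS:
                notes.append(os.path.join(dirpath, name))
            elif key.endswith(ENCRYPTED_EXT):
                per_dir[os.path.relpath(dirpath, root)] += 1
                # "report.docx.skype" -> ".docx"
                inner = os.path.splitext(key[:-len(ENCRYPTED_EXT)])[1]
                orig_ext[inner or "(none)"] += 1
    return {"notes": sorted(notes), "per_dir": dict(per_dir), "orig_ext": dict(orig_ext)}

def demo():
    # Constructed sample tree, not data from a real incident.
    names = ["report.docx.skype", "budget.XLSX.SKYPE", "photo.jpg", "notes.skype",
             "How To Recover Encrypted Files.txt",
             unicodedata.normalize("NFD", NOTE_NAMES[1])]
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in names:
            open(os.path.join(docs, name), "w").close()
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

The per-directory counts and the tally of original extensions give a quick picture of which folders and file types to prioritise when restoring from backup.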
The full list with the targeted extensions of files which are sought to get encrypted is currently unknown. However, if it becomes known, it will be posted here as an update to the article.
The files used most by users and which are probably encrypted are from the following categories:
- Audio files
- Video files
- Document files
- Image files
- Backup files
- Banking credentials, etc
The Scarab-Amnesia cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:
vssadmin.exe delete shadows /all /Quiet
If the above-stated command is executed, the encryption becomes more effective, because the command eliminates one of the prominent ways to restore your data. If a computer device was infected with this ransomware and your files are locked, read on to find out how you could potentially restore some files back to their normal state.
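Detection logic for the shadow-copy deletion command quoted above, run over process-creation events. This is an added example, not code from the article; the JSON field names, hosts, times and paths in the sample events are constructed assumptions.

```python
import json
import re

# vssadmin's "delete shadows" verb: any case, optional path, quotes or ".exe".
WIPE_RE = re.compile(
    r'(?:^|[\\/\s"])vssadmin(?:\.exe)?"?\s+delete\s+shadows\b(?P<opts>[^&|]*)',
    re.IGNORECASE,
)

# Constructed process-creation events, one JSON object per line.
# Field names, hosts, times and paths are assumptions made for this example.
SAMPLE_EVENTS = r'''
{"time":"2018-06-01T10:02:11Z","host":"WS-014","parent":"C:\\Users\\amy\\AppData\\Roaming\\sample.exe","cmd":"vssadmin.exe delete shadows /all /Quiet"}
{"time":"2018-06-01T10:02:12Z","host":"WS-014","parent":"C:\\Windows\\System32\\cmd.exe","cmd":"\"C:\\Windows\\System32\\VSSADMIN.EXE\"  Delete  Shadows /Quiet /All"}
{"time":"2018-06-01T10:05:40Z","host":"WS-020","parent":"C:\\Windows\\System32\\cmd.exe","cmd":"vssadmin list shadows"}
{"time":"2018-06-01T10:06:02Z","host":"SRV-02","parent":"C:\\Windows\\System32\\cmd.exe","cmd":"cmd.exe /c vssadmin delete shadows /for=D: /oldest"}
'''

def find_shadow_wipes(jsonl):
    """Return one alert per event whose command line deletes shadow copies."""
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        match = WIPE_RE.search(event.get("cmd", ""))
        if not match:
            continue
        opts = {o.lower() for o in re.findall(r"/\w+", match.group("opts"))}
        alerts.append({
            "time": event["time"],
            "host": event["host"],
            "parent": event["parent"],
            "quiet": "/quiet" in opts,
            # /all removes every copy; anything narrower may be housekeeping.
            "severity": "high" if "/all" in opts else "review",
        })
    return alerts

if __name__ == "__main__":
    for alert in find_shadow_wipes(SAMPLE_EVENTS):
        print(alert)
```

Matching on the command line rather than the exact string catches the same call when the case, the option order or the executable path differs from the form shown in the article.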
Remove Scarab-Amnesia Ransomware and Restore .skype Files
If your computer system got infected with the Scarab-Amnesia ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware by following the step-by-step instructions provided below.