.secure Files Virus (Scarab) - Remove It
THREAT REMOVAL

.secure Files Virus (Scarab) – Remove It

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

This article will help you to remove Scarab ransomware fully. Follow the ransomware removal instructions provided at the end of the article.

.secure Files Virus is a new variant of Scarab ransomware. Some malware researchers claim that it is also dubbed Scarabei or Scarabey due to it targeting Russian speakers and the note being in the Russian language. Scarab is a cryptovirus which locks your files and demands money as a ransom to get your files restored. According to some malware researchers, all files of a compromised computer get locked with the AES military grade encryption algorithm. The Scarab cryptovirus will encrypt your data, while also appending the custom .secure extension to each of the encrypted files. Continue to read and see how you could try to potentially recover some of your files.

Threat Summary

Name.secure Files Virus (Scarab)
TypeRansomware, Cryptovirus
Short DescriptionThe ransomware encrypts files on your computer system and demands a ransom to be paid to allegedly recover them.
SymptomsThe ransomware will encrypt your files with the AES encryption algorithm. All locked files will have the .secure extension appended to them.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .secure Files Virus (Scarab)

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .secure Files Virus (Scarab).
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.secure Files Virus (Scarab) – Delivery

Scarab ransomware might spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the World Wide Web, and researchers have gotten their hands on a malware sample. If that file lands on your computer system and you somehow execute it – your computer device will become infected.

Freeware which is found on the Web can be presented as helpful also be hiding the malicious script for the cryptovirus. Refrain from opening files right after you have downloaded them. You should first scan them with a security tool, while also checking their size and signatures for anything that seems out of the ordinary. You should read the tips for preventing ransomware located at the corresponding forum thread.

.secure Files Virus (Scarab) – Information

Scarab is a virus that encrypts your files and places a .txt file, with instructions inside the infected computer system. The extortionists want you to pay a ransom fee for the alleged restoration of your files.

Scarab ransomware could make entries in the Windows Registry to achieve persistence, and could launch or repress processes in a Windows environment. Such entries are typically designed in a way to launch the virus automatically with each start of the Windows operating system.

After encryption the Scarab virus shows a ransom message located inside a .txt file.

You can see its contents of this file, labeled Расшифровать файлы и работать дальше.TXT, from the following screenshot given down below:

The ransom note states the following:

Напишите на почту – secure32@cock.li
=========================================
ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ!
Ваш личный идентификатор pAQAAAAAAACazRP***Shoh+8DfAk
Ваши документы, фотографии, базы данных и другие важные файлы были зашифрованы.
Каждые 24 часа удаляются 24 файла, необходимо прислать свой идентификатор чтоб мы отключили эту функцию.
Каждые 24 часа стоимость расшифровки данных увеличивается на 30% (через 72 часа сумма фиксируется)
Для расшифровки данных:
Напишите на почту – secure32@cock.li
*В письме указать Ваш личный идентификатор
*Прикрепите 2 файла до 1 мб для тестовой расшифровки. мы их расшифруем, в качестве доказательства, что ТОЛЬКО МЫ можем их расшифровать.
-Чем быстрее вы сообщите нам свой идентификатор, тем быстрее мы выключим произвольное удаление файлов.
-Написав нам на почту вы получите дальнейшие инструкции по оплате.
В ответном письме Вы получите программу для расшифровки.
Запустите инструмент на вашем компьютере и безопасно расшифруйте все ваши данные.
Мы гарантируем: 100% успешное восстановление всех ваших файлов 100% гарантию соответствия 100% безопасный и надежный сервис
Внимание!
* Не пытайтесь удалить программу или запускать антивирусные средства
* Попытки самостоятельной расшифровки файлов приведут к потере Ваших данных
* Дешифраторы других пользователей несовместимы с Вашими данными, так как у каждого пользователя уникальный ключ шифрования =========================================
Ваш личный идентификатор pAQAAAAAAACazRPRHZTHF0QkCER=46Hrrt6z3NbbVYBJmCovXChr1VqYq0TMZK5KWr09tVvIUgZmvqnPqEXF

The note of the Scarab ransomware states that your files are encrypted and that you have to pay a ransom to get them back to normal. However, you should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that. Adding to that, giving money to cybercriminals will most likely motivate them to create more ransomware viruses or commit different criminal activities. That may even result to you getting your files encrypted once again.

The following e-mail address is used for contacting the cybercriminals:

  • secure32@cock.li

.secure Files Virus (Scarab) – Encryption

What is known for the encryption process of the Scarab ransomware is that every file that gets encrypted will receive the .base64code.secure suffix. That suffix is appended to the name of an encrypted file as a secondary extension. The original extension and filenames remain unchanged after encryption, as the .secure extension is added.

Currently there is no information regarding which types of files get encrypted by the malicious application.

The files which are used the most by users that probably get encrypted are probably from the following categories:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

This ransomware might be decryptable, but no specific decryption tool is released yet.

The Scarab cryptovirus deletes all Shadow Volume Copies from the Windows operating system with the help of the following command:

→vssadmin.exe delete shadows /all /Quiet

Along with the above-stated command, other ones are executed, which remove backups, making the effects of the encryption process more efficient. Those commands remove some of the viable ways to restore your data via Windows inherent processes. If a computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore some files back to their original state.

Remove Scarab Ransomware (.secure Files)

If your computer system got infected with the Scarab ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...