Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Scarabey Ransomware

Scarabey Ransomware is a new dangerous malware infection that seems to target Russian speakers. This ransomware is coded in Delphi and appears to be a new variant of the well-known Scarab Ransomware. If you do not have a backup, you may lose all your important files from your computer as this vicious program encrypts all important file types and extensions. We have no knowledge of a free decryptor yet; therefore, the only way for you to recover your files for the time being is to have the unique decryption key stored secretly on a remote server operated by your attackers. Although you may think that paying the demanded ransom fee could help you get your files back, we want to warn you that this is rarely the case. In fact, we advise you to remove Scarabey Ransomware from your PC immediately even if your files would remain encrypted. Hopefully, you do have a backup to replace your files.

We have found that this dangerous infection can be spread via Remove Desktop Protocol (RDP). In this attack, your remote desktop software, such as TeamViewer, may be configured poorly, i.e., insecurely, so these attackers can easily gain access to your system through it. For example, you may have a weak password that is easy to crack. The problem is that you will never see it coming. Once these criminals gain access, they can install this vicious ransomware program and activate it on your PC. You will only notice its presence when all your files become inaccessible and you find the ransom note on your desktop with the shocking message. Consequently, it is not possible to delete Scarabey Ransomware without the possibility of losing your files. Make sure that your remote desktop software is properly and safely set up to avoid similar attacks.

It is also important that you be more cautious around your e-mails as well since this ransomware may be distributed via spam campaigns. Such an attack usually requires you to open this spam and click to see the attached file as well. This attachment is practically the malicious executable that will set up the operations on your system and start the "deadly" encryption process. If you receive a mail claiming that you have an unpaid invoice or entered the wrong credit card details in an online shopping or booking case, you should be alert and not open this mail. Remember that you cannot delete Scarabey Ransomware without the encryption of your files.

Our research shows that this ransomware program is aimed at Russian computer users. It uses a strong encryption algorithm, which may not be able to be decrypted without the unique decryption key. This threat scans your system and encrypts all popular file extensions, including doc, .docb, .docm, .docx, .java, .jpeg, .jpg, .mp3, .mp4, .mpa, .pdf, .php, .rar, .raw, .txt, .vcf, .vob, .wav, .wma, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip, etc. The encrypted files have a ".scarab" extension, which makes it easy for you to measure the extent of this attack. The ransom note called "Инструкция по расшифровке.txt" (Decryption Instructions) is dropped on your desktop.

This note is in Russian language. It informs you that 24 files will be deleted after every 24 hours if you do not pay the demanded ransom fee. You have 48 hours to pay. It is possible that the amount is $50 in Bitcoins as suggest by the ransom note, which states that "Every foul word in our address is + 50 $ for payment." Since you have to contact these cyber criminals via "Support56@cock.li," we believe that, in this case, it could be $50. If you do not pay for 72 hours, all files on your computer will be deleted; at least, this is what these crooks say. Yet, we do not encourage you to pay. Instead, you should remove Scarabey Ransomware as soon as possible.

If you want to tackle this dangerous ransomware program manually, you can follow our instructions below this report. If you do not trust your IT skills though, you may want to employ a trustworthy malware removal program, such as SpyHunter. But just because you care to defend your system with a powerful tool like this, you should not forget about the importance of updating your programs. Please note that cyber criminals can access your computer via outdated software security bugs; therefore, you need to take care of the updating to prevent such horrible attacks from happening.

How to remove Scarabey Ransomware from Windows

  1. Press Win+E.
  2. Locate and delete the malicious executable file if you may have downloaded it from a spam.
  3. Delete "%APPDATA%\sevnz.exe"
  4. Bin the ransom note text file from your desktop.
  5. Empty your Recycle Bin.
  6. Restart your PC.
Download Spyware Removal Tool to Remove* Scarabey Ransomware
  • Quick & tested solution for Scarabey Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.