Scarab Ransomware Distributed to Over 12.5M Email Accounts

Scarab Ransomware Explodes Worldwide

A new ransomware variant, dubbed Scarab, began taking the world by storm earlier this month. The variant was first discovered on November 23, 2017. Since then, it is believed the ransomware was sent to over 12,500,000 different email accounts. The emails carried the ransomware in a .zip file, which upon downloading would install Scarab onto the recipient’s device. Upon installation, the ransomware would target files for encryption. After a file was encrypted, its file extension would be changed to .scarab. According to Infosecurity Magazine, the recipient email addresses ended in .com and .co.uk.

The hackers are informing their victims that, in order for the files to be unlocked, they must pay an undisclosed amount of money in bitcoin. Bitcoin is a virtual currency that hackers prefer as their method of payment because it is hard to trace. However, PC Matic does not encourage any victims to pay the ransom demand, for the following reasons:

  • There are no guarantees paying the ransom will unlock the files
  • Paying the ransom puts a target on your back — if you’ve paid once, hackers believe you’ll likely pay again
  • Paying the hackers only fuels their fire to keep infecting more people and more devices for higher paydays

Ransomware Prevention

Instead, if you are a victim of ransomware, you should retrieve your files via backups. Better yet, be proactive. Instead of wondering what to do after infection, prevent ransomware from infiltrating the system to begin with. You can do so by taking the following steps:

  1. Implement a security solution that uses application whitelist technology.  PC Matic, PC Matic Pro and PC Matic MSP use their own, automated global whitelist to prevent cyber threats from executing — including ransomware.  To date, none of their customers have been infected with any of the global ransomware attacks – WannaCry, NotPetya, Bad Rabbit, or Scarab.
  2. Disable macros
  3. Evaluate which users have administrative rights
  4. Back up your data
  5. Keep all programs and operating systems updated
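
The recovery advice above depends on knowing which backup predates the encryption. The following is an added example, not code from PC Matic or the original article: it walks a directory tree for files carrying the `.scarab` extension and reports the earliest modification time as a restore cutoff. The function names and sample files are hypothetical, and it assumes the file's modification time reflects when it was encrypted.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

ENCRYPTED_EXT = ".scarab"  # extension the article says Scarab gives encrypted files


def triage(root):
    """Walk root and summarise files carrying the .scarab extension."""
    per_dir = Counter()
    earliest = None
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            total += 1
            per_dir[dirpath] += 1
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {"total": total, "per_dir": dict(per_dir), "earliest_mtime": earliest}


def restore_cutoff(report):
    """UTC time a usable backup must predate, or None if nothing was found."""
    if report["earliest_mtime"] is None:
        return None
    # Assumption: mtime approximates encryption time; treat it as an upper bound.
    return datetime.fromtimestamp(report["earliest_mtime"], tz=timezone.utc)


def build_sample_tree(base):
    """Constructed sample data: two renamed files and one untouched file."""
    docs = os.path.join(base, "docs")
    os.makedirs(docs)
    samples = {"report.docx.scarab": 1511400000, "budget.xlsx.scarab": 1511403600,
               "notes.txt": 1511300000}
    for name, ts in samples.items():
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (ts, ts))  # set a fixed, known modification time
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        rep = triage(tmp)
        print(rep["total"], rep["per_dir"], restore_cutoff(rep))
```

Run it against a mounted copy of the affected volume rather than the live system, and pick a backup taken before the reported cutoff.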


20 thoughts on “Scarab Ransomware Distributed to Over 12.5M Email Accounts”

    • Hi Carl, PC Matic should not have created issues with your ability to print. However, to confirm, you may contact our support team at http://www.pcmatic.com/help. Our technicians will be able to verify if PC Matic is creating any conflicts, and if so — resolve them promptly. Our support team is available seven days a week and will be able to assist you further. Thank you!

  1. I recently experienced a FAKE message from Microsoft. If it hadn’t been for a warning about this fake message from pcmatic, I would have called the number on the screen, in an attempt to fix my FAKE problem. I thank pcmatic for arming me with the knowledge in advance for the protection I needed, not to fall for this scam!!!!
    I was able to resolve the problem through the real Microsoft.
    Patrick

  2. I received an email a while ago from FedEx saying my package could not be delivered, click here for a next delivery date, so I did and got a black box with text scrolling through it, so I X out, but too late, they got me. What surprised me was I tried to run PC Matic and it was no longer on my computer. I ran a backup from the day before and had to get online to download PC Matic. Thought this was supposed to stop this kind of thing. I was lucky, didn’t lose a thing, but now I wonder about PC Matic.

    • Shouldn’t have clicked on the link. If you were expecting a package from someone, you should have received a tracking number. Use it instead. The link you clicked on probably connected to a site that wipes security programs so Pcmatic didn’t catch it cuz there was no warning

  3. I want to TALK TO A HUMAN!!!! The immediacy and detail possible with phone conversations, in a timely way, far exceed the cumbersome lags and time-drags of written communication, which are very frustrating to me. Do you have a PHONE NUMBER for direct customer service??

    Thank you.

  4. Macros – Explain please – I know it has nothing to do with food in this context – and how would I recognise and disable it?

  5. Your advice to restore backups is likely useless considering the announcement of the breach could have very well been delayed, so the person's backups have been infected for months, even years. The best advice I think you can give folks is to turn on show details of the email address from field, to verify the email came from the person's domain and not spoofed to look like it.

    • Hi Bruce, you have a valid point. However, ransomware is often detected immediately by the organization. What happens is, the hackers lock the system(s) and files and then send a ransom note explaining how they can restore their files by paying a sum of money — to the hackers. This notification typically occurs rather quickly after encryption. Although, there is certainly a risk that the backup systems were also impacted. If that is the case, you’re correct, backups won’t cut it. Backing up data is in no way a “golden ticket”, which is why we recommend users to implement a security solution that uses application whitelisting. With a whitelist approach, only known trusted programs can run, which successfully mitigates the risk of malicious files executing on endpoint devices.
      Thank you for your feedback!

  6. So glad I got PC Matic and Super Shield when I did. I have almost forgotten how I used to worry before, even when I had Norton or a couple of others that didn't always catch everything up front. Got Evergreen subscription and I've never looked back.

    • Absolutely! As discussed in the post, PC Matic’s application whitelist has protected against this, as well as all other global ransomware attacks (WannaCry, NotPetya, and Bad Rabbit). Thanks for checking!!
