Infected with Scarab-Crypto Ransomware? Need to decrypt .crypto files?

What is Scarab-Crypto Ransomware

Scarab-Crypto is a parallel version of the Scarab Ransomware, which can cause troubles for users. The main purpose of such viruses is to encrypt most important files on user’s machine and to require a ransom from victims. Antiviruses without real-time internet protection are useless against Scarab-Crypto. A malicious program has unique symptoms: firstly, every encrypted file got a .crypto suffix using the AES. Coded files are impossible to view and edit. Besides, Scarab-Crypto puts on the desktop a file HOW TO RECOVER ENCRYPTED FILES.TXT with the following information:

===
Warning read this carefully!!!!!!
===
All your files are encrypted
Your personal identifier
6A02000000000000***9EAD3E
Your documents, photos, databases, save games and other important data were encrypted.
Data recovery requires a decryptor.
To receive the decryptor, you should send an email to the email address: anticrypto@protonmail.com.
In the letter, indicate your personal identifier (see the beginning of this document).
Next, you pay the cost of the decryptor. In the reply letter you will receive the address
Bitcoin-purse, to which you need to transfer money.
If you do not have bitocoins you can buy Bitcoin:
https://localbitcoins.com/ru/buy_bitcoins(Visa/MasterCard, QIWI Visa Wallet ....)
Also you can use any convenient way for you to buy bitcoin
When the money transfer is confirmed, you will receive a file decryption for your computer.
After starting the decryption program, all your files will be restored.
Attention!
* Do not attempt to uninstall the program or run antivirus software
* Attempts to self-decrypt files will result in the loss of your data
* Decoders of other users are incompatible with your data, as each user unique encryption key
===

Note: cybercriminals can trick you, so we recommend not to pay them. There are several known viruses in Sacarab genealogy: Amnesia Ransomware, Amnesia-2 Ransomware, and Scarab-Amnesia Ransomware. All these viruses distributed since the second half of 2017 and targets mostly English-speaking users. Despite, encoded by one of these threats files are unreadable, there are certain methods to restore encrypted files manually. Use this article to remove Scarab-Crypto Ransomware completely from Windows 10, 8, 7 and decrypt .crypto files.

Scarab-Crypto Ransomware

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. Also check following website for possible decryptor: Emsisoft Decryptors.

How Scarab-Crypto Ransomware infected your PC

It can spread through spam emails and malicious attachments, web injects, fake updates and repacked infected installers. Ransom is asked to be paid in BitCoins, that also makes the task difficult for the police, as the user in this network is often anonymous. Encryption starts in the background. Way to protect your computer from such threats is to use antiviruses with crypto-protection like HitmanPro.Alert with CryptoGuard.

First of all, don’t panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Scarab-Crypto Ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Scarab-Crypto Ransomware – files, folders, registry keys.

 

Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Step 2: Remove following files and folders of Scarab-Crypto Ransomware:

Remove following registry entries:

no information

Remove following files and folders:

\Desktop\
\User_folders\
%APPDATA%\

(random name).exe

How to decrypt files infected by Scarab-Crypto Ransomware (random files)?

Use automated decryption tools

kaspersky rakhni decryptor for Scarab-Crypto Ransomware

There is ransomware decryptor from Kaspersky that can decrypt files. It is free and may help you restore files encrypted by Scarab-Crypto Ransomware virus. Download it here:

Download Kaspersky RakhniDecryptor

You can also try to use manual methods to restore and decrypt files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of Scarab-Crypto Ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for ‘system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged (in our case – Scarab-Crypto Ransomware by Scarab-Crypto Ransomware). This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Restore encrypted files using shadow copies

stellar-data-recovery

  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.

Protect your files from ransomware

Most modern software can protect your data from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach to protect your files from ransomware and lockers. One of the best is SOS Online Backup. The product will automatically find important files, then simply make a daily backup on the remote server. SOS runs quietly and automatically in the background and supports any size and any file type. All SOS apps (desktop AND mobile) encrypt files using UltraSafe 256-bit AES before transferring them to the cloud. You will not lose your important data. Download One Year Plan.

SOS Online Backup

Information provided by: Alexey Abalmasov

Leave a Reply

Your email address will not be published. Required fields are marked *