
Scarab / Mich78 Ransomware (.scarab, .scorpio, .[mich78@usa.com]) Support Topic


424 replies to this topic

#421 jpcapone


  • Members
  • 2 posts

Posted 11 October 2018 - 05:11 PM

Hello,

I just used the Id.Ransomware site and it was determined that I have been hit by Scarab. I know it was done via RDP. It states that I can decrypt my files under certain circumstances. How would I go about doing that?





#422 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 11 October 2018 - 05:24 PM

Dr.Web may be able to decrypt some variants of Scarab Ransomware (see Post #318 by Emmanuel_ADC-Soft) but they need the ransom note and 3-4 encrypted files as indicated here.

If Dr.Web cannot assist with the Scarab variant which infected your system, then unfortunately, there is no other known method at this time to decrypt files without paying the ransom.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#423 jpcapone


  • Members
  • 2 posts

Posted 11 October 2018 - 05:35 PM

Thanks for the quick reply.



#424 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 11 October 2018 - 05:43 PM

You're welcome and good luck.

#425 Amigo-A


  • Members
  • 583 posts
  • Gender:Male
  • Location:3st station from Sun

Posted 12 October 2018 - 01:26 PM

There is another provider that can decrypt files after the Scarab attack.
This is done by decryption specialists from Eset. Address: www.eset.com/int/support/contact/
It is necessary to contact them; they can make a decoder for all the latest versions of Scarab.
 
[Image: screenshot of the decoder]
 
If you are already their client, then this operation will be free or low-cost.
If you are not their client, you will have to buy a license to get a decoder.
 
I was told by several people that their files were decrypted. They received files and a license for a commercial anti-virus product.
I presented a screenshot of the decoder above. It is not a shared file. It is made for each version and each client.

Edited by Amigo-A, 13 October 2018 - 08:27 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.




