- Home
Detectable Ransomware Scarab 2020-2022
Ransomware Research
Scarab 2020-2022 Ransomware
Scarab 2020-2022 is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on April 1, 2020, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Scarab 2020-2022
- First Seen
- April 1, 2020
How Scarab 2020-2022 Ransomware Works
Targeted Files
8945204fd97ddfc26a89fc84423dec6ad4fa82a6b38fba1c4f771733f36cb4c4 -> requires C&C 9772f0297b3ad52912400aa7dc154bbc6624c7716589af490a3a3bc71ffc401f -> requires C&C (can be emulated with fakenetNG)
File Encryption Patterns
Scarab 2020-2022 modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..rbs
..DecSec
..ncov
..scarry
..worcservice@protonmail.ch
..inc_evilsi@protonmail.ch
..cov19
..cashdashsentme@protonmail.com
..one
..coronavirus
..hacker_decryption@protonmail.ch
..FIXI
..amnesia
..MAKB
..protomolecule@gmx.us
..mail
..[[File-Help1@Yandex.ru]].mail
..[levandos@email.cz].trump
..ctb-locker
..ambrosia
..[Help224@Ya.RU].LOCKED
..saved
..777
..locked
..Bioawards
..(hupstore@keemail.me)
..restoreserver
..nginxhole
..ARTEMY
..aztecdecrypt@protonmail.com
..BARRACUDA
..[mrbin775@gmx.de].bin
..bitcoin
..bomber
..bomber_test_build
..deep
..ukrain
..sdk
..glutton
..hitler
..iudgkwv
..helpersmasters@airmail.cc
..yourhope@airmail.cc
..wewillhelp@airmail.cc
..lolita
..stevenseagal@airmail.cc
..ironhead
..rap
..nano
..moncrypt
..aescrypt
..crabs
..fuchsia
..kes$
..harry
..alilibat
..o$l
..sfs
..lbkut
..crash
..crypt000
..crypto
..ERROR
..nosafe
..tokog
..suffer
..CYBERGOD
..fastsupport@xmpp.jp
..danger
..[Dangerbtc@gmx.de].danger
..onlinesupport@airmail.cc
..supportfiless24@protonmail.ch
..online24files@airmail.cc
..fastrecovery@xmpp.jp
..fastrecovery@xmppp
..btchelp@xmpp.jp
..inchin
..decrypts@airmail.cc
..decryptsairmail.cc
..[grethen@tuta.io]
..DiskDoctor
..mammon
..DD
..Enter
..lol
..GEFEST
..Gefest3
..GFS
..crabslkt
..horsia@airmail.cc
..HORSE
..horsuke@nuke.africa
..good
..leen
..fast
..local
..burn
..[Jackie7@asia.com]
..kitty
..langolier
..crypt
..vally
..croc
..OBLIVION
..omerta
..osk
..cosmos
..frogo
..red
..please
..REBUS
..[Help-Mails@Ya.Ru].Scorpio
..[firmabilgileri@bk.ru]
..firmabilgileri
..JohnnieWalker
..xtbl
..zzzzzzzz
..Imshifau
..encrypt
Ransom Note and Payment Demands
After encrypting files, Scarab 2020-2022 displays ransom notes demanding payment for file recovery:
Инструкция по расшифровке данных.TXT
Ransom message:
notes/Инструкция по расшифровке данных.TXT
Как расшифровать файлы scarry.txt
Ransom message:
notes/Как расшифровать файлы scarry.txt
Инструкция по расшифровке файлов.TXT
Ransom message:
notes/Инструкция по расшифровке файлов.TXT
Note locations:
EveryFolder
HOW TO RECOVER ENCRYPTED FILES.TXT
Ransom message:
notes/HOW TO RECOVER ENCRYPTED FILES.TXT
Note locations:
EveryFolder
TO RECOVER.TXT
HOW TO DECRYPT FILES.TXT
Ransom message:
notes/HOW TO DECRYPT FILES.TXT
Note locations:
EveryFolder
DECRYPT INFORMATION.TXT
Ransom message:
notes/DECRYPT INFORMATION.TXT
Note locations:
EveryFolder
HOW TO RESTORE FILES.TXT
Ransom message:
notes/HOW TO RESTORE FILES.TXT
Note locations:
EveryFolder
HOW TO RECOVER ENCRYPTED FILES - decrypts@airmail.cc.TXT
Ransom message:
notes/HOW TO RECOVER ENCRYPTED FILES - decrypts@airmail.cc.TXT
Note locations:
EveryFolder
КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT
Ransom message:
notes/КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT
Note locations:
EveryFolder
Instruction for file recovery.txt
Инструкция.TXT
Instruction.txt
read me.TXT
DECRYPT FILES.TXT
Ransom message:
notes/DECRYPT FILES.TXT
HOW TO RECOVER ENCRYPTED FILES SRV01.TXT
RECOVER ENCRYPTED FILES.TXT
Technical Indicators
Associated Executable Files
The following executable files are associated with Scarab 2020-2022 ransomware:
osk.exe
system.exe
coronavirus.exe
guide.exe
svchost.exe
bndf.exe
systemx.exe
svchostmsi.exe
Elastio Can Help You
Don't let Scarab 2020-2022 ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Scarab 2020-2022 ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Scarab 2020-2022.
Last updated: July 30, 2025