Scarab-Glutton Ransomware comes from Scarab Ransomware family, so more or less it acts same as the versions created before it. However, we will discuss their differences and similarities further in this article. No doubt, many users who come across such threats want to find out how they manage to enter their computers, which is why we will present the malware’s possible distribution channels too. As for our advice on what to do after receiving such a malicious program, we think it would be safest to eliminate it. There is not knowing whether the Scarab-Glutton Ransomware’s developers will hold on to their word, so there is a chance they may not help decrypt your files even if you pay a ransom. If you decide it would be best to remove it from the system, you could use the deletion instructions located below this text or a reliable security tool of your choice.
After researching Scarab-Glutton Ransomware, our researchers think the malware might be spread via malicious software installers, untrustworthy email attachments, or by exploiting the device’s weaknesses. Therefore, there might be a few things to take care of or to do if you do not wish to come across such threats next time. To begin with, you should either avoid opening doubtful email attachments and files downloaded from unreliable web pages or install a reliable security tool so you could scan all questionable data with it. Then, we would recommend getting rid of weaknesses that your computer might have, for example, outdated software, weak passwords, and so on.
This new version marks its encrypted files with .glutton extension, which is why it was named Scarab-Glutton Ransomware. Another difference is the names of the data the malware drops when settling in on the targeted computer. For instance, Scarab-Cybergod Ransomware creates a file named helper.exe in the %APPDATA% folder, while this new variant places an executable file named winupmgr.exe in the same location. What is the same is the malicious application still encrypts user’s data with a strong encryption algorithm to make it unusable. Also, it shows almost identical ransom note, although this time it is named !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT instead of From Jobe Smith.TXT (ransom note dropped by Scarab-Cybergod Ransomware). Again the message does not say how much the user is supposed to pay for getting tools to decrypt his files. The hackers merely ask to contact them via email to learn how much is it and how to make a payment.
Just as we said earlier, we would not recommend paying the ransom as by doing so you could end up being scammed. Thus, it would be wiser to think for a moment and remember if you have any backup copies you might have saved on some removable media device or cloud storage. Nevertheless, keep it in mind Scarab-Glutton Ransomware can restart with the operating system which means none of the files on the system will be safe until you eliminate this malicious program. To remove it manually you could complete the steps provided in the deletion instructions we added at the end of this page, although it might be easier to get a reliable security tool and let it erase the malware for you.