Scarab-Bomber Ransomware

Posted by Lisa Blanc on July 5, 2018

What is Scarab-Bomber Ransomware?

Scarab-Bomber Ransomware is a tricky infection because it has at least two versions, but it is certain that this program is a ransomware infection that encrypts user’s files and then demands that the victims paid a ransom fee. We always say this when we deal with ransomware: paying is not an option because you would only encourage these criminals to continue committing the same cybercrimes. Therefore, you need to remove Scarab-Bomber Ransomware, and then look for ways to either restore your files or you simply start anew. Please remember that ransomware infections are really dangerous, and sometimes it is impossible to decrypt the affected data.testtest

Where does Scarab-Bomber Ransomware come from?

Scarab-Bomber Ransomware is a new version of the previously released Scarab Ransomware. Just like most of the ransomware programs, this application tends to spread with the spam email messages. It also means that users download and open the installer file willingly, as the program cannot drop itself onto the target computer. So in order to avoid such infections, users should be really careful about the messages they open and the attachments they download. It might seem like a very minor measure, but your online habits are extremely important when it comes to protecting your computer from harm.

Although these days most of the spam email gets filtered into the Junk folder automatically, some corporate mail inboxes may not have this function. And yes, we would like to emphasize here that small businesses are more susceptible to ransomware infection than individual users. After all, small businesses are more likely to pay the ransom fee, especially if the infection affects several computers across the same network. That is also another reason employers should be thorough in educating their employees about potential security threats. Ignoring email messages from unfamiliar senders should be your first step.

What does Scarab-Bomber Ransomware do?

The interesting thing about this infection is that there are at least two versions of this ransomware. One version targets the English-speaking users, and the other version targets the Russian-speaking users. In this description, we will cover the English version, although the basic principle is the same in both versions. The main difference is the interface and the language in the ransom note. Other than that, you can be sure that the program will exhibit the most common ransomware behavioral patterns. What we mean is that this program will encrypt most of your files upon the installation.

When the encryption is complete, the affected files will have a new extension added to their filenames. For instance, a flower.jpg filename after the encryption would look like this: flower.jpg.bomber. Needless to say, it will not be possible to open the encrypted files because the system will not be able to read them. Scarab-Bomber Ransomware will also drop the ransom note in every single folder that has encrypted files. If you restart your computer, the ransom note will be displayed automatically the moment your system loads. Here is what the ransom note says:

All your files have been encrypted due to a security problem with your PC.

Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

The message goes on to say that you need to contact these criminals with the given email address, and if you do not get a reply within the first twelve hours, you should try another email address. This just proves that the connection with the command and control center is extremely shaky, and it is very likely that the people behind Scarab-Bomber Ransomware would not be able to issue the decryption key even if you paid the ransom.

How do I remove Scarab-Bomber Ransomware?

It is obvious that you need to remove Scarab-Bomber Ransomware with no questions asked. It might be a little bit challenging to terminate this program on your own because it drops files with random filenames across your system. You can find the manual removal instructions below, but if you do not want to deal with it on your own, you can always acquire a legitimate antispyware tool that will do the job for you automatically.

Manual Scarab-Bomber Ransomware Removal

  1. Press Win+R and type regedit. Click OK.
  2. Go to HKEY_CURRENT_USER\Software.
  3. Remove a random 11-character key under Software.
  4. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  5. On the right pane, right-click the value with the same random name.
  6. Select to delete it and close Registry Editor.
  7. Delete the ransom note files from the system. 100% FREE spyware scan and
    tested removal of Scarab-Bomber Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *