Scarab-Bomber Ransomware Removal Guide

It takes one click to invite Scarab-Bomber Ransomware into your Windows operating system, but it takes much more than that to remove it. Furthermore, you might be unable to revert to the same state you had before the invasion. The infection encrypts personal files, and recovering them is unlikely to be possible. The developer of the malicious ransomware corrupts data using an encryption algorithm, and once files’ data is scrambled, there is no way to read them. Legitimate and free file decryptors exist, but they cannot help the victims of ransomware. On rare occasions, malware researchers are capable of building decryptors that can free files affected by ransomware, but, at the time of research, a decryptor for the infection we are discussing did not exist. Does that mean that you will not be able to restore your files if the threat attacks? Not necessarily, and you can learn more about this by reading the report. Without a doubt, our greatest focus right now is on showing you how to successfully delete Scarab-Bomber Ransomware.

If you live in a country where Russian is spoken, you will face a different version of Scarab-Bomber Ransomware from the one that those living in English-speaking countries will. That is because two different variants of the infection exist. This malware comes from the infamous Scarab Ransomware family, and the name of this sample derives from the “.bomber” extension that is appended to the files that are corrupted. Both variants of the threat use the same extension, but they both treat the names of the files differently. The English version ignores the names, and the Russian version changes them, which can make it harder to assess the damage. Both variants of Scarab-Bomber Ransomware also create two different ransom notes, which are represented via two different files – HOW TO RECOVER ENCRYPTED FILES.TXT and КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT. Multiple copies of these files are likely to be created in the folders containing corrupted files. You need to be careful about how you handle the information represented by the ransom notes, and, of course, in the end, you will need to delete the files.

The creator of Scarab-Bomber Ransomware wants victims to communicate with them, and that is the whole gist of the ransom note (in both versions). The Russian version shows an ID and orders to send it either via Bitmessage (BM-2cWp6BhKATEHEyfi1CGG4k3RuquXjaGJXB), or three unique email addresses (soft2018@tutanota.com, soft2018@mail.ee, and newsoft2018@yandex.by). The message states that the victim has to pay a ransom to obtain a decryption key that would, allegedly, decrypt files. The English variant asks to send the ID to trustcoin@mail.ru or trustcoin@india.com. This message also informs that a payment is required. If you communicate with cyber criminals, they will provide you with more information on how to pay the ransom, but you should not do that because there are absolutely no guarantees that you would get your files decrypted. Do you want to waste your money? We are sure you do not, and that is why you should think carefully if going with the plan offered by cyber criminals is such a good idea.

Do you need to remove Scarab-Bomber Ransomware? Yes and no. Of course, you must eliminate this threat from your operating system because it is malicious and because cyber criminals are using it against you. On the other hand, it is possible that the main launcher of the threat deleted itself after the encryption, which means that you might only need to erase leftovers. That being said, we cannot guarantee that that is the case. If you choose to follow the instructions below, make sure you follow every step carefully, and then use a legitimate malware scanner to check if your system is clear. Our recommendation, of course, is that you install anti-malware software. It will automatically detect and remove all malicious components. It is most important, however, that it will continue protecting your operating system.

N.B. If your files were encrypted by Scarab-Bomber Ransomware, your best bet at recovering them is if you have backups. If you did not back up your files in the past, find the best cloud storage service or invest in an external drive, and get in the habit of backing up important files frequently. This is the best protection against file-encrypting ransomware.

How to delete Scarab-Bomber Ransomware

1. Look for [unknown name].exe file that is the launcher of the ransomware. If you find this file, right-click and Delete it immediately.
2. Tap keys Win+E to access Explorer and then enter %APPDATA% into the field at the top.
3. Look for a file that belongs to the ransomware (e.g., osk.exe), right-click and Delete it.
4. Enter %UERPROFILE% into the field at the top.
5. Right-click and Delete the ransom note file named КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT or HOW TO RECOVER ENCRYPTED FILES.TXT
6. Tap keys Win+R to access RUN and then enter regedit.exe into the field.
7. In Registry Editor navigate to HKEY_CURRENT_USER\Software\.
8. Find the [unknown name] key associated with the ransomware, right-click and Delete it.
9. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
10. Find the [unknown name] value associated with the ransomware, right-click and Delete it. This value should point to the location of HOW TO RECOVER ENCRYPTED FILES.TXT and КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT files.
11. Empty Recycle Bin and then immediately scan your system using a legitimate malware scanner.