Rebus Ransomware Removal Guide

Do you know what Rebus Ransomware is?

Rebus Ransomware is quite a puzzle, and you might be unable to solve it. This malicious infection is meant to silently encrypt and rename your files, and, unfortunately, there is no secret key in the name or the extension (“.REBUS”) of the corrupted file that would help you restore it. The criminals who have built the malicious ransomware are after your money, and they are using your files against you. Using a ransom note delivered as a TXT file created by the infection, they urge victims to pay a ransom to obtain a decryption tool in return. The bad news is that cyber criminals can promise you everything and anything just to make you pay money, and since that is all that they seem to care about, they are unlikely to send you decryption tools or help you recover your personal data in any other way. Does that mean that your files are completely lost, and you might as well just delete them? You can learn about this in the report, but we can tell you right away that you need to focus on the removal of Rebus Ransomware.

According to the malware experts working in our internal lab, Rebus Ransomware appears to be a variant of the infamous Scarab Ransomware. Other variants whose removal we have discussed just recently include Scarab-Horsuke Ransomware and Scarab-Oblivion Ransomware. All of these infections are meant to corrupt your files and demand a ransom. Not all of them, however, change the names of the corrupted files. According to our research, when Rebus Ransomware encrypts data, it uses Base64 encoding to change the original file names. This might be the first signal for the victim that their operating system was invaded by malware because this threat is very silent at first. It even slithers into the system silently, and it appears that it is most likely to exploit unsafe RDP configurations, spam emails, and similar security backdoors. As soon as the infection slithers in, it starts encrypting data immediately. After that, it creates a file named “REBUS RECOVERY INFORMATION.TXT,” and it is most likely to be placed on the Desktop. You can delete this file, but it might be interesting for you to learn what cyber criminals want from you.

The ransom note displays a unique ID code and two unique email addresses, rebushelp@airmail.cc and rebushelp@protonmail.com. According to the message, you have to email the code to either of these addresses, and if no response is received, you should “use jabber” at rebushelper@exploit.im. Once the communication is set up, the creator of Rebus Ransomware can send you instructions that explain how to pay for a decryption tool. Although the ransom note in REBUS RECOVERY INFORMATION.TXT states that the ransom would have to be paid in Bitcoin, a kind of cryptocurrency, to a Bitcoin wallet, it gives no specific details, and we are not told how much money would have to be paid for the alleged tool. To prove that file decryption is possible, the creator of the infection offers to decrypt one file for free. Remember that even if a decryptor exists, it does not mean that you will obtain it after paying the ransom. If you do not want to risk losing money for nothing, decryption of files might be out of the question. Of course, the removal of Rebus Ransomware is not.

The removal of the ransomware is yet another puzzle that might be impossible to crack. Although you only need to delete the Rebus Ransomware launcher and the ransom note file, this might be impossible to do manually if you do not know where the launcher file is. Luckily, you do not need to eliminate the threat manually. Instead, you can employ an anti-malware program to do it automatically. If other malicious infections exist on your operating system, they would be eliminated too. It is most important, of course, that this program ensures protection of your operating system, because if reliable protection does not exist, you might be facing malicious threats again and again.

Remove Rebus Ransomware

  1. Delete all recently downloaded suspicious files.
  2. Delete the ransom note file, REBUS RECOVERY INFORMATION.TXT (most likely, placed on Desktop).
  3. Empty Recycle Bin and then perform a full system scan using a legitimate malware scanner.
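
To find the ransom note named in step 2 and list the files that carry the “.REBUS” extension, the following added example (not part of the original guide or of any vendor tool) walks a folder tree and reports both, along with the earliest modification time among the affected files, which helps when choosing a backup that predates the encryption. The function names, the Base64 character-set check, and the sample files are assumptions constructed for illustration; only the note name and the extension come from this guide.

```python
import os
import re
import tempfile

NOTE_NAME = "REBUS RECOVERY INFORMATION.TXT"   # ransom note name given in this guide
EXTENSION = ".REBUS"                           # extension given in this guide
# Assumption: renamed stems use only Base64 characters that are legal in file
# names (standard or URL-safe alphabet, "=" padding). Nothing is decoded.
BASE64_STEM = re.compile(r"[A-Za-z0-9+_=-]{4,}")

def triage(root):
    """Walk root and inventory ransom notes and files with the .REBUS extension."""
    report = {"notes": [], "renamed": [], "other": [], "earliest_mtime": None}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.upper() == NOTE_NAME:
                report["notes"].append(path)
                continue
            stem, ext = os.path.splitext(name)
            if ext.upper() != EXTENSION:
                continue  # untouched file, not reported
            # A Base64-looking stem is consistent with the renaming described above;
            # anything else with the extension is listed separately for manual review.
            bucket = "renamed" if BASE64_STEM.fullmatch(stem) else "other"
            report[bucket].append(path)
            mtime = os.path.getmtime(path)
            if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                report["earliest_mtime"] = mtime
    return report

def build_sample_tree(root):
    """Constructed sample data: empty files whose names mimic the indicators."""
    os.makedirs(os.path.join(root, "Desktop"))
    os.makedirs(os.path.join(root, "Documents"))
    for rel in ("Desktop/REBUS RECOVERY INFORMATION.TXT",
                "Documents/cmVwb3J0LmRvY3g=.REBUS",  # constructed Base64-looking stem
                "Documents/my notes.rebus",           # has the extension, stem is not Base64
                "Documents/budget.xlsx"):             # untouched file
        open(os.path.join(root, *rel.split("/")), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["notes"]), "note(s),", len(result["renamed"]), "renamed file(s)")
```

On a real system, call `triage()` on the user profile folder instead of the constructed sample tree; the script only reads file names and timestamps and changes nothing.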

In non-techie terms:

You are truly unlucky if Rebus Ransomware slithered into your operating system. If the infection manages to slither in, it can silently encrypt files and then create a text file to make the demands. These demands include communicating with cyber criminals and, eventually, paying a ransom. We do not know how big the ransom is, but even if it is small, paying it is not recommended. The creator of the ransomware cannot be forced to do anything, and so once they get the money, they are likely to forget about you and your personal files. Is it possible to decrypt files manually? That, unfortunately, is not possible. However, if backups exist externally, you have copies, and that means that you do not need to worry about the original files being lost. We hope that is the case. In any case, you must not forget to delete Rebus Ransomware, and we suggest leaving it to anti-malware software. If you do not want to invest in your virtual security, you will have to find and eliminate this malware yourself.