Home / Spyware Help / Scarab-Bomber Ransomware Removal Guide

Scarab-Bomber Ransomware Removal Guide

by 0 Comments

Do you know what Scarab-Bomber Ransomware is?

Scarab-Bomber Ransomware is proof that cyber criminals are willing to go at lengths to make others suffer and to push them into giving up their money. In the past, they were much more clandestine and mysterious, and they would use scams and clever tricks to make a profit. When it comes to ransomware, there are no disguises and tricks. Once the infection slithers in and encrypts personal files, the victim is immediately informed that they need to comply with the demands given to them in order to recover data. Although that is the ultimate goal – to get the money – our research team warns that following cyber criminals’ instructions and obeying to their demands is not a good idea. We are sure you understand just how important it is for you to remove Scarab-Bomber Ransomware, but how should you do it, and what about your personal files? We discuss all of it in this report.

According to our research team, there are at least two different versions of the malicious Scarab-Bomber Ransomware. Both of them are likely to spread via spam emails, which means that users are tricked into executing malware themselves. Okay, so maybe it is unfair to say that there is nothing clandestine about ransomware because, in fact, the distribution of this malware has to be. Only if the targeted victim is tricked into opening a corrupted spam email does the infection stand a chance of successfully encrypting data. The first version of Scarab-Bomber Ransomware is targeted at English-speaking Windows users, and once the files are encrypted, and the ".bomber" extension is attached to their original filenames, a file called “HOW TO RECOVER ENCRYPTED FILES.TXT” is created. You can delete this file if you wish, but opening it cannot harm you any further. According to this message – which is set to auto-start with Windows – the victim has to send a special ID code to trustcoin@mail.ru (or to trustcoin@india.com if no response comes).Scarab-Bomber Ransomware Removal GuideScarab-Bomber Ransomware screenshot
Scroll down for full removal instructions

The ransom note introduced to the Russian-speaking Windows users is a bit different. The second version of Scarab-Bomber Ransomware – which is equally as malicious and also deserves removal – attaches the “.bomber” extension as well, but it also renames files using random characters. The ransom note file is called “КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT,” and the contents inform that the victim has to send the ID to soft2018@tutanota.com, soft2018@mail.ee, or newsoft2018@yandex.by. An alternative method of communicating via Bitmessage is offered as well. In both versions of the ransom note, the victim of Scarab-Bomber Ransomware is informed that they would have to pay a ransom, but the sum is not specified, and we can only speculate how much you would be asked to pay. In any case, we do not recommend going along with that because a) you do not know if a decryptor exists, and b) you do not know if cyber criminals would give it to you. Instead, we want to focus on the removal of this malware.

There is one component that belongs to both versions of Scarab-Bomber Ransomware that deletes itself once files are encrypted. It is an executable file in the %APPDATA% directory. Besides that, you also need to eliminate a few registry entries, as well as the ransom note file, copies of which could be created everywhere. If you are not sure you can delete Scarab-Bomber Ransomware manually, that is not a problem. In fact, even if you are tech-savvy, we still recommend installing anti-malware software, and not only because of its automatic malware removal properties but also because of its ability to protect you against ransomware in the future. And what about your files? If they are not backed up, there is nothing you can do, and so make sure you set up a file backup ASAP.

Remove Scarab-Bomber Ransomware

  1. Simultaneously tap Win+R to launch RUN.
  2. Enter regedit.exe into the box and click OK. The Registry Editor will show up.
  3. Move to HKEY_CURRENT_USER\Software\.
  4. Delete the {random name} key that represents the ransomware.
  5. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. Delete the {random name} value that points to the ransom note file.
  7. Simultaneously tap Win+E to launch Explorer.
  8. Enter %USERPROFILE% into the bar at the top.
  9. Delete the ransom note file (HOW TO RECOVER ENCRYPTED FILES.TXT or КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT).
  10. Enter %APPDATA% into the bar at the top.
  11. Look for a malicious {random name}.exe file that belongs to ransomware. If it exists, Delete it.
  12. Empty Recycle Bin to erase the components.
  13. Install a trusted malware scanner to check if you have managed to eliminate the ransomware.

In non-techie terms:

The instructions shown above explain how to remove Scarab-Bomber Ransomware from the Windows operating system manually. Is this the best option for you? Unless you are able to protect your system against malware – and the existence of the ransomware is proof that you are not – automatic anti-malware software should be installed without further hesitation. Are you afraid of committing to a security tool? You should not be because your virtual security is extremely vulnerable, and you want it taken care of appropriately. If you are still not sure what to do, post a comment below. And if you have successfully deleted Scarab-Bomber Ransomware using our guide (use a malware scanner to check if you have), do not forget that you need appropriate security software.