Scarab-Horsuke Ransomware Removal Guide

Do you know what Scarab-Horsuke Ransomware is?

Scarab-Horsuke Ransomware is a malicious infection with an incredibly impertinent demeanor. Once it slithers in, it has the audacity to congratulate the victim about the encryption of their personal files. Needless to say, there is nothing to celebrate here, and, in fact, if you receive a message of this kind, it is most likely that your personal files are permanently lost. The initial message is represented via the Desktop wallpaper, which the infection sets up in place of the original one. A BMP file is used for this. The message instructs the victim to email horsia@airmail.cc, and the image of an anonymous persona on a horse holding a Bitcoin indicates that a ransom payment would be requested if the communication via email was established. Have you encountered this malware? If you have, it is up to you to make the decision regarding this, but our research team does not recommend fulfilling any demands. Instead, it is recommended that you remove Scarab-Horsuke Ransomware ASAP.

As some readers will have realized, Scarab-Horsuke Ransomware belongs to the Scarab family, to which Scarab-Oblivion Ransomware and Scarab Ransomware belong as well. These infections might be created by different parties, but they all have the same kind of goal. First, of course, they need to penetrate the system, and they can do that using unsafe RDP connections and the backdoor created via spam emails. If you are tricked into letting the threat in, it immediately begins encrypting personal data. It should go after personal photos, media files, and documents, but application files could be affected too, so some apps might stop running. You can figure out which files were corrupted quickly by checking for the “.horsia@airmail.cc” extension. Along with the encrypted files, you should find a file named “HOW TO RECOVER ENCRYPTED FILES.TXT.” As the name of the file reveals, it provides you with instructions that are meant to help you recover encrypted data. Unfortunately, things are not so simple.

According to the long ransom note delivered by Scarab-Horsuke Ransomware, you need to send a “personal identifier” to horsia@airmail.cc (or saviours@airmail.cc if the first one does not work) to confirm that you are ready to pay a ransom in Bitcoins. If you confirm this, the creator of the infection should then send you a Bitcoin wallet address and a specific ransom sum to make sure that the payment reaches them. What happens if you do not rename files, do not delete Scarab-Horsuke Ransomware – which you are warned against – and pay the ransom as told? If you do this, cyber criminals get your money, and they can move on to attacking the next victim or planning how they will spend their prey. The last thing they are likely to do is give you a decryptor that would help you recover your data. So, if the ransom is too big to even consider paying, and you do not want to take any risks, you need to focus on removing the malicious infection from your operating system.

Are your personal files backed up outside of your computer? If they are, there is nothing to worry about. If backups do not exist, you might choose to take the risk of paying a ransom in return for a decryptor. As discussed already, such a tool is unlikely to be produced. All in all, whatever happens to your files, you need to delete Scarab-Horsuke Ransomware, and you can approach this task from several different angles. If you are more experienced, you might be able to remove this infection manually. If that is not the case, employing anti-malware software might be for the better. This is the option our research team stands behind, not only because this software can remove Scarab-Horsuke Ransomware but also because it can enable full-time protection, and protection is required if you do not want to face malware again.

Remove Scarab-Horsuke Ransomware

  1. Find and delete the {launcher’s name}.exe file.
  2. Launch Windows Explorer by tapping Win+E keys.
  3. Enter %USERPROFILE% into the bar at the top.
  4. Delete the {random name}.bmp and HOW TO RECOVER ENCRYPTED FILES.TXT files.
  5. Launch RUN by tapping Win+R keys.
  6. Enter regedit.exe into the dialog box to access Registry Editor.
  7. Navigate to HKEY_CURRENT_USER\Software\.
  8. Delete the {random name} key associated with the malicious .exe file.
  9. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Delete the {random name} value associated with the ransom note file.
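
The manual steps above can be preceded by a read-only check. The following PowerShell script is an added example, not part of the original guide: it only reports the profile-root files, Run values and suffixed files that steps 3-4 and 9-10 refer to, and its variable names are this example's own. The {launcher’s name}.exe file and the {random name} key under HKEY_CURRENT_USER\Software are not covered, because the guide gives no fixed name for them.

```powershell
# Added example: read-only audit of the locations named in the removal steps.
# Nothing is deleted; review the output, then remove the items by hand.

$NoteName  = 'HOW TO RECOVER ENCRYPTED FILES.TXT'   # ransom note name from the guide
$EncSuffix = '.horsia@airmail.cc'                    # appended extension from the guide
$RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Steps 3-4: ransom note and wallpaper image in the root of %USERPROFILE%.
# Any .bmp is listed; a legitimate image of your own can appear here too.
$profileHits = Get-ChildItem -LiteralPath $env:USERPROFILE -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq $NoteName -or $_.Extension -eq '.bmp' } |
    Select-Object FullName, Length, LastWriteTime

# Steps 9-10: Run values whose data references the ransom note file.
$runHits = @()
$run = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($name in $run.GetValueNames()) {
        # Read the raw string so %VARIABLES% in the data are shown unexpanded.
        $data = [string]$run.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($data -like "*$NoteName*") {
            $runHits += [pscustomobject]@{ Value = $name; Data = $data }
        }
    }
}

# Scope of the damage: files under the profile that carry the appended extension.
$encrypted = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name.EndsWith($EncSuffix, [StringComparison]::OrdinalIgnoreCase) }

'Profile-root candidates (ransom note / .bmp):'
$profileHits | Format-Table -AutoSize

'Run values referencing the ransom note:'
$runHits | Format-Table -AutoSize

"Files carrying the '$EncSuffix' suffix: $(@($encrypted).Count)"
```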

In non-techie terms:

To put it in layman’s terms, Scarab-Horsuke Ransomware corrupts files in a way that only a special decryptor can help recover them. Cyber criminals are the only ones who have this decryptor, and they promise to give it to the victims as soon as they pay the ransom fee. Of course, trusting the promises of cyber criminals is a terrible idea, and victims should not follow demands unless they are okay with the risk of losing money and exposing themselves to cyber criminals via email. Whether or not files are recovered, removing Scarab-Horsuke Ransomware is crucial, and while some might be able to erase this malware manually, our research team recommends employing trustworthy anti-malware software instead.