Scarab-Leen Ransomware Removal Guide

Do you know what Scarab-Leen Ransomware is?

Researchers scanning the web for new PC threats have recently reported the discovery of a new ransomware infection, Scarab-Leen Ransomware. We want to point out that it is not an entirely new malicious application: it has turned out to be a new variant of Scarab Ransomware. This infection is as harmful as its predecessor. Once it successfully infiltrates a computer, it locks a bunch of files on it, including those considered the most valuable, e.g. documents, music, pictures, etc. Cyber criminals develop ransomware infections for only one purpose – they expect these threats to help them obtain more money from users. Scarab-Leen Ransomware will ask you to pay for decryption in Bitcoin too. It is up to you whether or not to send money to crooks, but if we were you, we would definitely not do this because there is a huge possibility that files will stay encrypted. Of course, you can send the crooks behind Scarab-Leen Ransomware three files (the total size of these files must be less than 10 MB) to get them unlocked for free, but we highly recommend that you do not transfer your money to them. No matter what you decide to do, do not forget to erase the ransomware infection from your system – it might lock more files on your computer. The infection will not be erased from your computer even if you pay the ransom.

Scarab-Leen Ransomware will lock your files immediately if it ever infiltrates your computer. You can be sure that this is the malicious application you have encountered if you find the .leen extension appended to all the files you cannot access, for example, picture.jpg.leen. Once files are completely locked, Scarab-Leen Ransomware sets a new wallpaper on the Desktop. It contains a short message for users. They find out that they cannot access their files because they have been locked. Also, they are told that they cannot rename those encrypted files, try to decrypt them with third-party software, or ask for help from third parties. Instead, cyber criminals want users to contact them. Scarab-Leen Ransomware also drops INSTRUCTIONS FOR RESTORING FILES.TXT in all affected folders. It contains a similar message and explains how files can be decrypted. The ransom note states that the only way to get files back is to write an email to mr.leen@protonmail.com inserting a personal identifier and then pay a ransom in Bitcoin. We cannot tell you how much you will have to pay to crooks because “the price depends on how fast you write to us.” Usually, decryption tools are quite expensive, so, in our opinion, you should not make any payments. Keep in mind that your files might stay encrypted even if you do as instructed and pay the ransom. It does not mean that there is nothing you can do without the special decryptor. You can restore your files from a backup at any time after you erase the ransomware infection from your computer.

As mentioned, Scarab-Leen Ransomware is a recently-detected malicious application, but it does not mean that we do not know anything about it. Research carried out by our experienced malware analysts has clearly shown that this threat is mainly distributed via spam emails. Additionally, it might easily enter your system without your knowledge if you use an unsecured RDP port. Ransomware infections enter users’ computers illegally, but there is nothing new about this – all malicious applications try to slither onto computers unnoticed. Luckily, there is a way to protect the system against malware easily – install a powerful security application on your computer and keep it active 24/7/365.

To delete Scarab-Leen Ransomware from your system fully, you will need to remove a registry key it creates upon successful entry, its Values in the system registry, and several malicious files it creates. It is a must to remove ALL malicious components, so if you decide to get rid of this threat manually, you should follow the steps of our manual removal guide provided below.

How to delete Scarab-Leen Ransomware

  1. Press Win+R on your keyboard, type regedit, and then click OK to access the system registry.
  2. Right-click on HKEY_CURRENT_USER\Software\BzbRJxsHvQSVd in the panel on the left and select Delete.
  3. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Locate the malicious Value, e.g. QORTsRmnNPmDwD and delete it.
  5. Remove the Value named whelp from the Run registry key.
  6. Close Registry Editor.
  7. Tap Win+E.
  8. Type %USERPROFILE% in the Explorer’s URL bar and press Enter to access the directory.
  9. Delete QORTsRmnNPmDwD.bmp (it might be named differently) and INSTRUCTIONS FOR RESTORING FILES.TXT.
  10. Open %APPDATA%.
  11. Delete helper.exe.
  12. Empty Trash.
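
The same checks can be scripted. The PowerShell below is an added example, not part of the original guide: it looks for the registry key, Run values and files named in the steps above and removes them only when asked. The function names are hypothetical, and the random-looking names (BzbRJxsHvQSVd, QORTsRmnNPmDwD) are the ones the guide lists, which it notes may differ on another machine.

```powershell
# Added example, not from the guide. Key, value and file names are the ones the
# steps list; the guide notes the random-looking names may be different.
function Find-ScarabLeenArtifact {
    $found  = @()
    $key    = 'HKCU:\Software\BzbRJxsHvQSVd'                        # step 2
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' # steps 3-5
    if (Test-Path -LiteralPath $key) {
        $found += [pscustomobject]@{ Kind = 'RegKey'; Path = $key; Name = $null; Data = $null }
    }
    if (Test-Path -LiteralPath $runKey) {
        $run = Get-Item -LiteralPath $runKey
        foreach ($name in $run.GetValueNames()) {
            if ($name -in @('QORTsRmnNPmDwD', 'whelp')) {
                $found += [pscustomobject]@{ Kind = 'RunValue'; Path = $runKey
                                             Name = $name; Data = $run.GetValue($name) }
            }
        }
    }
    # Steps 8-11: wallpaper image and ransom note in %USERPROFILE%, helper.exe in %APPDATA%.
    $files = @(
        (Join-Path $env:USERPROFILE 'QORTsRmnNPmDwD.bmp'),
        (Join-Path $env:USERPROFILE 'INSTRUCTIONS FOR RESTORING FILES.TXT'),
        (Join-Path $env:APPDATA 'helper.exe')
    )
    foreach ($file in $files) {
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $found += [pscustomobject]@{ Kind = 'File'; Path = $file
                                         Name = (Split-Path $file -Leaf); Data = $null }
        }
    }
    $found
}

function Remove-ScarabLeenArtifact {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $Artifact)
    process {
        # -WhatIf / -Confirm given to this function are honoured by the cmdlets below.
        switch ($Artifact.Kind) {
            'RegKey'   { Remove-Item -LiteralPath $Artifact.Path -Recurse }
            'RunValue' { Remove-ItemProperty -LiteralPath $Artifact.Path -Name $Artifact.Name }
            'File'     { Remove-Item -LiteralPath $Artifact.Path -Force }
        }
    }
}

# Report first; run the commented line (then drop -WhatIf) only after reviewing the list.
Find-ScarabLeenArtifact | Format-Table Kind, Name, Path, Data -AutoSize
# Find-ScarabLeenArtifact | Remove-ScarabLeenArtifact -WhatIf
```

An empty report does not prove the machine is clean when the names differ, so review the remaining Run values and the .bmp files in %USERPROFILE% by hand as the steps describe.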

In non-techie terms:

Scarab-Leen Ransomware is a malicious application that will lock a bunch of files on your computer if it finds a way to affect it. Ransomware infections usually lock almost all personal files and then demand a ransom. Scarab-Leen Ransomware is no exception. Crooks will tell you how much a decryptor costs once you contact them. Most probably, it will not be cheap at all, but you should not purchase it even if you can easily afford it. Keep in mind that there are no guarantees that the decryption tool will be shared with you.