Scorpionlocker Ransomware Removal Guide

Do you know what Scorpionlocker Ransomware is?

If Scorpionlocker Ransomware, or as it is also known, H34rtbl33d Ransomware, manages to sneak onto your computer, there is a good chance that you will have to say goodbye to your files. This vicious threat can take your files hostage and there is no way for you to get the decryption key anymore. Our researchers say that this ransomware program was developed by the same Indonesian crew as Halloware Ransomware, a previous dangerous threat. These cyber crooks actually have social media accounts like Facebook and Instagram. It is always a nightmare when such a ransomware program hits your computer, but in some unique cases you might get lucky and find a free file recovery tool on the web to restore your files or the infection may not work properly and leave your files unencrypted. Unfortunately, this time you can lose all your files if you do not have a backup. We advise you not to hesitate long to remove Scorpionlocker Ransomware from your PC.

Have you opened a questionable email recently? This malware infection can be distributed via spam emails as an attachment. The attached file can look like a document or an image, but it is, in reality, a malicious executable file. The spam's main goal is to convince you that you must see the contents, namely, the attachment itself, because it is supposed to contain vital information for you regarding an alleged matter. Remember that it is never safe to open a doubtful email, let alone its attachment. Ransomware infections are among the most dangerous and devastating threats. Running a file you have received from an unfamiliar person runs the risk of infecting your system. In this case, you can also lose your files as a result, and not even deleting Scorpionlocker Ransomware can save you from that.

If your browsers and Flash and Java plug-ins are not up-to-date, you can also infect your system with this ransomware. How? You may click on the wrong third-party ad or link while visiting a suspicious website (betting, gaming, dating, file sharing, video streaming, or porn) and you may get redirected to a malicious website set up by cyber criminals as a trap. This malicious website runs Exploit Kits in the background, which means that the moment this site is loaded in your outdated browser, it triggers a malicious script to drop this ransomware infection and activate it on your system. So, if you think you can avoid such a malicious attack by quickly closing your browser window, hoping that you were fast enough in realizing that you have landed on a malicious page, think again. Such a visit would almost certainly result in your having to delete Scorpionlocker Ransomware from your computer after losing all your files to encryption.

As you can see, this malware actually has two names by which malware hunters identify it. The reason is quite simple. Our researchers have found that the Command and Control server this malware infection communicates with contains "scorpionlocker" in its domain name, just like the admin interface, "h34rtbl33d.scorpionlocker.xyz/login.php." However, this domain is down already. This also means that this ransomware program cannot communicate with it anymore; there is no way to save the decryption key, either. In other words, there is no way for you to decrypt your files. This infection adds ".H34rtBl33d" or ".d3g1d5" extension to the original file extension when a file is encrypted. This extension may depend on the version you have been infected with.

There are, in fact, three ransom notes this threat creates on your system. One is the image that replaces your desktop wallpaper after the attack is over, and there are two other files called "H34rtBl33d.txt" and "H34rtBl33d.html" dropped on your desktop. These notes instruct you to visit a Tor website for payment instructions, but this site is also down. This leaves you with but one choice: You need to remove Scorpionlocker Ransomware right away and use a backup to restore your files.

We have prepared the necessary instructions for you below, if you would like to take a shot at eliminating this ransomware. Of course, it is somewhat risky since it includes editing your Registry database. Making a mistake there could have irrevocable consequences; therefore, we only recommend this manual removal for those users who know what they are doing. If you are not tech-savvy, you may want to use a reliable anti-malware program, such as SpyHunter, or any other of your choice to automatically protect your PC against all known malware threats.

Remove Scorpionlocker Ransomware from Windows

  1. Tap Win+R and enter regedit in the Run box. Click OK.
  2. Delete these registry entries:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run|[random name]
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\H34rtBl33d_RASMANCS (64-bit)
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\H34rtBl33d_RASAPI32 (64-bit)
    HKLM\SOFTWARE\Microsoft\Tracing\H34rtBl33d_RASAPI32
    HKLM\SOFTWARE\Microsoft\Tracing\H34rtBl33d_RASMANCS
  3. Close the Registry Editor.
  4. Tap Win+E to open File Explorer.
  5. Bin all the suspicious .exe files you have saved lately. (Check all the default directories like Desktop, Downloads, and %Temp%)
  6. Delete these files and folders:
    "Setup.exe" in "%HOMEDRIVE%" and "%LOCALAPPDATA%" (Windows XP: "%UserProfile%\Local Settings\Application Data")
    "%LOCALAPPDATA%\H34rtBl33d" (Windows XP: "%UserProfile%\Local Settings\Application Data\H34rtBl33d")
  7. Delete the ransom notes from your desktop.
  8. Empty your Recycle Bin and reboot your computer.
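
The checks in the steps above can be run as a read-only audit before anything is deleted. The PowerShell script below is an added example, not part of the original guide; the function name is made up here, it assumes PowerShell 3.0 or later, and it uses only the registry keys, paths and extensions listed in this guide.

```powershell
# Added example: read-only audit for the artifacts named in the removal steps.
# It deletes nothing; review the output before removing anything by hand.
function Get-ScorpionlockerArtifact {
    $hits = @()

    # Step 2: Tracing keys (native and Wow6432Node registry views).
    foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
        foreach ($name in 'H34rtBl33d_RASAPI32', 'H34rtBl33d_RASMANCS') {
            $key = "HKLM:\$view\Microsoft\Tracing\$name"
            if (Test-Path -LiteralPath $key) {
                $hits += [pscustomobject]@{ Kind = 'RegistryKey'; Item = $key; Detail = '' }
            }
        }
    }

    # Step 2: the Run value has a random name, so list every value for manual review.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path -LiteralPath $runKey) {
        $run = Get-Item -LiteralPath $runKey
        foreach ($name in $run.GetValueNames()) {
            $hits += [pscustomobject]@{ Kind = 'RunValue (review)'; Item = $name; Detail = [string]$run.GetValue($name) }
        }
    }

    # Steps 6 and 7: dropped files, the malware folder, and the ransom notes.
    $desktop = [Environment]::GetFolderPath('Desktop')
    $paths = @(
        (Join-Path "$env:HOMEDRIVE\" 'Setup.exe'),
        (Join-Path $env:LOCALAPPDATA 'Setup.exe'),
        (Join-Path $env:LOCALAPPDATA 'H34rtBl33d'),
        (Join-Path $desktop 'H34rtBl33d.txt'),
        (Join-Path $desktop 'H34rtBl33d.html')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            $hits += [pscustomobject]@{ Kind = 'FileSystem'; Item = $p; Detail = '' }
        }
    }

    # Count files carrying either extension this guide attributes to the infection.
    $encrypted = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.H34rtBl33d', '.d3g1d5' })
    $hits += [pscustomobject]@{ Kind = 'EncryptedFiles'; Item = $env:USERPROFILE; Detail = "$($encrypted.Count) file(s)" }

    $hits
}

Get-ScorpionlockerArtifact | Format-Table -AutoSize -Wrap
```

Entries marked "RunValue (review)" are every autostart value for the current user, not confirmed malware; only the one pointing at an unfamiliar executable should be removed.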

In non-techie terms:

Scorpionlocker Ransomware is a serious malware infection that you should prevent at all costs. If this ransomware program can enter your system, it can encrypt all your personal files and more to scare you enough to make you want to pay for the decryption key. The main problem is, apart from possibly losing all your files, that neither the Command and Control server nor the dark web page is available any longer, which means that you could not even pay the ransom if you wanted to; not that we would ever encourage anyone to do so. Hopefully, you have a backup that you can use now to restore your files. But first, you need to remove Scorpionlocker Ransomware from your system as soon as possible. If you cannot do this manually, we suggest that you employ an anti-malware program you can trust.