Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Can't be uninstalled via Control Panel
  • Restarts computer after installation
  • Block exe files from running
  • Connects to the internet without permission

Scorpio Ransomware

If names of your files and some programs have been changed to a string of letters and numbers, and they all contain [Help-Mails@Ya.Ru].Scorpio, Scorpio Ransomware must be active on your system. According to experts at pcthreat.com, it is obvious that it has entered the system illegally. Most probably, it arrived on your computer when a malicious spam email attachment was opened. Scorpio Ransomware has first been spotted in the middle of June, 2017, so we cannot confirm that it is a prevalent threat yet. Of course, new distribution methods might be adopted soon allowing it to reach more unprotected computers, so we would be more cautious if we were you. Are you reading this article because you have already discovered this infection and a bunch of locked files on your PC? In this case, you must perform the removal of Scorpio Ransomware as soon as possible. You are not allowed to ignore this problem because this infection creates a point of execution in HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce and it not always deletes it after the successful encryption of files, which suggests that it might be able to launch automatically together with the Windows OS and encrypt new files each time the computer is turned on.

Judging from the message available in the ransom note IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT that it drops in all directories that contain encrypted files, i.e. files with [Help-Mails@Ya.Ru].Scorpio extensions, the only way to get files back is to pay a certain amount of money to get a decryption tool from cyber criminals. Users are first told to write an email to Help-Mails@Ya.Ru (or alexous@bk.ru) and then send a ransom using the provided payment instructions. You should receive them with a reply. Cyber criminals are also ready to decrypt 3 files for free to show users that they have a key and can unlock files. You should let them decrypt those three files for free; however, you should not pay a ransom for the decryption of the remaining files. We cannot let you do this because you might get nothing from malware developers. Unfortunately, there might be no other way to decrypt files – Scorpio Ransomware deletes the so-called Shadow Volume copies of files with a command vssadmin Delete Shadows /All /Quiet and, on top of that, uses the AES encryption that cannot be easily broken. Only those users having copies of their files on a USB flash drive, a cloud drive, or a file hosting service can restore them for free. The ransomware infection must be removed first before the restoration.

As has been mentioned, Scorpio Ransomware usually enters computers illegally when users open malicious attachments from spam emails. Despite the fact that users do not know anything about its entrance, it does not take long for them to realize that malware is on their PCs because they soon find a bunch of locked files and a ransom note placed in different directories. These are not the only symptoms showing that it has successfully entered the system. Specialists say that users might also find a new file database.exe in %APPDATA% and a new Value pointing to this malicious file in the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce. It could have removed these two components after the successful encryption of files, but it does not mean that your system is not infected with this ransomware infection if you cannot find them on your PC.

You cannot unlock your personal files by removing Scorpio Ransomware from your computer, but you still must delete it as soon as possible because it will continue working on your system and might lock files once again. In addition, the ransomware-type infection might help other threats to enter easily victims’ PCs. If the manual removal of such a serious threat does not frighten you at all, you, of course, can take care of this infection yourself – our manual removal guide located below this paragraph should make the procedure even easier, but do not worry if you find out that the lack of knowledge about malware/computers does not allow you to erase Scorpio Ransomware in a manual way because it is also possible to delete this infection with a reputable automatic malware remover. Do not forget to enable a security application on your computer after deleting this infection – it will not allow similar malware to show up on your PC and encrypt files ever again.

How to delete Scorpio Ransomware

  1. Open the Windows Explorer (press Win+E).
  2. Type %APPDATA% in the URL bar of Explorer and press Enter.
  3. If you can find database.exe there, remove it.
  4. Close the window and launch Run (tap Win+R).
  5. Type regedit in the command line and click OK.
  6. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce.
  7. Delete a Value (it will have a random name) pointing to database.exe (keep in mind that it could have already been automatically deleted).
  8. Close Registry Editor.
  9. Remove the ransom note IF YOU WANT TO GET ALL YOUR FILES BACK, PLEASE READ THIS.TXT from folders with encrypted files.
  10. Empty the Recycle bin.
Download Spyware Removal Tool to Remove* Scorpio Ransomware
  • Quick & tested solution for Scorpio Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.