Scarab-Bomber Ransomware

Scarab-Bomber Ransomware is a new version of the Scarab Ransomware. These two programs are malicious computer infections, and no user would ever want to deal with them. Unfortunately, there are quite a few poor souls out there who have to suffer the consequences of this infection. Ransomware infection can be quite daunting, especially because there might be no way to restore the encrypted files. Therefore, the focus of the anti-ransomware campaign lies in removing Scarab-Bomber Ransomware and other similar infections from the target computers. As far as the encrypted files are concerned, the way to deal with that problem may depend on whether you have a file backup or not.

The peculiar thing about this infection is that it comes two versions. One version is in English, and the other is in Russian. Thus, it means that Scarab-Bomber Ransomware targets users who speak English and Russian. Technically, both versions differ only in this linguistic aspect, and the overall way of functioning is practically the same. You can expect both programs to be distributed in a similar fashion, too.

Whenever we talk about ransomware programs, we always mention that the most common distribution method employed by this infection is spam. Here you might say that your spam gets filtered into the Junk folder, and you do not have to worry about it. And partially, that is true. But we have to remember all the other custom inboxes that may not have such function. Not to mention that individual users aren’t the only targets in this case. It is far more likely for a ransomware program to infect a small business. Small businesses are less likely to invest in cyber security, and they might not have a data backup. So if they get infected with Scarab-Bomber Ransomware, they might be more willing to pay the ransom.

If you open the installer file for this infection, Scarab-Bomber Ransomware enters your system almost immediately. When the program is installed and launched, it scans your system because it needs to find all the files it can encrypt. Most of the time, ransomware programs target files located in the %USERPROFILE% directory, but it doesn’t mean that the files saved in other directories are safe. If a ransomware program needs your system to function properly for you to transfer the ransom fee, it will leave your Windows system files intact. This is the usual agenda.

Upon the encryption, all the affected files receive a new appendix to their filenames. That is also something that every single ransomware program does. As far as Scarab-Bomber Ransomware is concerned, this program adds the .bomber appendix to every single affected filename. So if you couldn’t tell which files got encrypted just by looking at their icons, the filenames will be a direct giveaway.

What does the infection expect you to do? Well, just like any other ransomware program, Scarab-Bomber Ransomware wants you to pay the ransom fee. It tells you more about the payment in the ransom note. We have an extract from the note below:

All your files have been encrypted due to a security problem with your PC.

Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.

After payment we will send you the decryption tool that will decrypt all your files.

Contact us using this email address: trustcoin@mail.ru
If you don't get a reply in 12 hours, then contact us using this email address: trustcoin@india.com

What does it say about Scarab-Bomber Ransomware that there are at least two email addresses in the ransom note? It means that it might not be possible to contact the criminals behind this infection at all. So you should not waste your time trying to figure out how to pay the ransom.

You need to remove Scarab-Bomber Ransomware right now following the instructions below this description. When the infection is removed, you can delete the encrypted files, and then transfer healthy copies back into your computer either from an external hard drive or from a virtual cloud drive. As long as you have your files saved somewhere, you can always replace the corrupted data with a healthy copy.

How to Remove Scarab-Bomber Ransomware

1. Press Win+R and enter regedit. Press OK.
2. Open HKEY_CURRENT_USER\Software.
3. Delete a random 11-character key under Software.
4. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
5. On the right side, right-click the value with the same random name.
6. Choose to delete it and exit Registry Editor.
7. Remove the ransom note files from the system.
8. Scan your computer with SpyHunter.