Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Changes background
  • Can't be uninstalled via Control Panel

Scarab-Apple Ransomware

Scarab-Apple Ransomware is yet another infection to join the Scarab Ransomware family, which already consists of such infamous threats as .crypted034 Ransomware, Scarab-Good Ransomware, and Scarab-Glutton Ransomware. These threats are likely to use RDP vulnerabilities and misleading spam emails to spread, and if you are not careful, you might execute it all yourself. Since this malware is clandestine and silent, you should not notice when it invades the system and encrypts files. Unfortunately, once the attack is over, you will see that your personal files cannot be opened and read, and that is because they are encrypted. That means that the data is changed to ensure that it can be read only using a special decryptor. You do not need to check every single file to see if it is encrypted or not because the encrypted ones are pretty noticeable: the name is changed to a random string of characters, and the “.Apple” extension is added at the end. While you can rename the file and delete the extension, your files will not be restored. That will not happen even if you remove Scarab-Apple Ransomware.

Once Scarab-Apple Ransomware encrypts your personal files, it also creates one file. It is called “HELP HELP HELP.TXT,” and multiple copies should be created in very single location that contains corrupted data. It was also found by our research team that the infection adds a Run entry in Windows Registry to ensure that the TXT file auto-starts with Windows. That means that the file will open even if you restart the computer. The message delivered using this file is pretty straightforward, and it informs that you need to send the displayed ID code to support-hack@protonmail.com or using BitMessage (address is BM-2cTXnB6dEE6TdHmAJCnEHp9PdsPThtS5n4) to obtain a “decoder.” Obviously, you would not be given it for free. If you contacted cyber criminals – which you should not do due to security issues – they would instruct you to pay a ransom, which is why this infection is classified as ransomware. Paying any money for the Scarab-Apple Ransomware decoder is a bad idea because the decoder might not exist, and even if it did, it is unlikely that you would obtain it by paying money.

Are your personal files backed up? We really hope that they are because if they are, you can delete Scarab-Apple Ransomware and the corrupted files without further delay. After that, connect to your external drive, cloud storage, or whatever else you might be using to store backups, and transfer them onto the computer. Of course, only if you need to do that. Your files are always safest outside a system that is not protected reliably. That being said, only having one copy of the file – even if it is in secure backup – is not a great idea. Ultimately, you need to protect your personal files if you wish to keep them safe because there are plenty of file-encryptors, data-wipers, and other kinds of malware that could harm them. If you had not used backups prior to Scarab-Apple Ransomware, hopefully, you realize your mistake and change the situation in the future. All in all, decryption was not possible at the time of research.

It is known that Scarab-Apple Ransomware might create one file in %APPDATA% that should delete itself after execution. Other than that, all other components must be erased, and if you want to handle this manually, you can refer to the guide below. Keep in mind that the launcher file has a unique name and might have a unique location, which is why manual removal of Scarab-Apple Ransomware can be too complicated for most. That is alright because there’s still an option to install anti-malware software. In fact, that is the best option because after clearing your operating system from malicious threats, it will keep it safeguarded for the future. Of course, no tool can guarantee absolute and total security, which is why you yourself have to be cautious at ALL times as well. Backup your files, avoid strange emails, install updates, and do not download strange programs that could conceal malware launchers.

Scarab-Apple Ransomware Removal

  1. Locate and Delete the [launcher name].exe of the ransomware.
  2. Tap Win+E to launch Explorer and then type %APPDATA% into the field at the top.
  3. Tap Enter to access the directory and look for a malicious [random].exe file if it did not remove itself.
  4. Type %USERPROFILE% into the field at the top and tap Enter.
  5. Delete the file named HELP HELP HELP.TXT, then Delete every single copy.
  6. Tap Win+R to launch Run and then type regedit.exe into the box to open Registry Editor.
  7. Go to HKEY_CURRENT_USER\Software\.
  8. Delete the [random] key that belongs to ransomware.
  9. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  10. Delete the [random] value that points to %USERPROFILE%\HELP HELP HELP.TXT.
  11. Empty Recycle Bin and then scan your system using a legitimate malware scanner.
Download Spyware Removal Tool to Remove* Scarab-Apple Ransomware
  • Quick & tested solution for Scarab-Apple Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.