Infected with Scarab Bomber ransomware? Need to decrypt your files?

What is Scarab Bomber ransomware

Scarab Bomber, also called Scarab Danger is a new version of the widespread Scarab Ransomware. Created in the Russian-language country for demanding a Bitcoin payment from its victims, it spreads around the world.
The virus (crypto-trojan) is very dangerous because it crypts all files on victims PCs: quickly and without any permission. Moreover, after encryption users can lose these files completely. Unfortunately, only a few versions of this virus are decryptable now. The latest versions of Scarab become very difficult to decrypt. Encrypted files got new .bomber, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp, .glutton extensions. For example 1.txt become 1.txt.bomber. Ransomware can encrypt doc, txt, pdf, xls, bmp, jpg, bmp, mp3, avi and many other files.
Scarab is long playing generation of crypto viruses. Written in Delphi, it spreads from early 2017 till nowadays and has unique methods of encryption, and adds different suffixes to coded files, depends on version. If you want to remove Scarab Bomber Ransomware and decrypt .bomber, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp files, please read our article below. If your files got another extension, please check all Scarab Ransomware versions and extensions in the list:

Scarab Ransomware – .scorpio, .scarab
Scarab-Please – .please
Scarab-Crypto – .crypto
Amnesia – .amnesia, .@decrypt_files2017, .protomolecule@gmx.us or .TRMT
Scarab-XTBL(Oblivion) – .xtbl, .oblivion
Horsia – .horsia@airmail.cc
Scarab-Walker – .JohnnieWalker
Scarab-Osk – .osk
Scarab-Rebus – .rebus
Scarab-DiskDoctor – .diskdoctor
Scarab-Bomber – .bomber, .fastsupport@xmpp.jp or .fastrecovery@xmpp.jp

Note, that one of the main features of every Scarab Ransomware version is naming and contains of special notes with ransom demands, created by the virus. Sometimes ransom notes may be in Russian. Please compare all examples of Scarab Bomber Ransomware with yours:

Scarab (Danger) version example

Danger: our contacts change every 3 days, do not hesitate, contact us immediately. Then we will not be available.
Attention: if you do not have money then you do not need to write to us!
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
=================================================
Jabber: fastsupport@xmpp.jp
If you do not have a jabber. To write to us to register: https://www.xmpp.jp
=================================================
Your files are encrypted!
Your personal identifier:
6A02000000000000***0FFF0F
=================================================
To decrypt files, please contact us by jabber:
fastsupport@xmpp.jp
=================================================
The file is encrypted with the RSA-2048 algorithm, only we can decrypt the file.
Attention: if you do not have money then you do not need to write to us!
Danger: our contacts change every 3 days, do not hesitate, contact us immediately. Then we will not be available.

Warning all your files are encrypted !!! \ \___ / |
/- _ `-/ '
To receive the decoder, you must send an email to (/\/ \ \ /\
the email address with your personal ID: / / | ` \
O O ) / |
DiskDoctor@protonmail.com `-^--'`

Scarab Bomber version example(translation)

Your files are encrypted! Your personal ID 6A02000000000000 *** 242FB01 your documents, images, databases and other important data has been encrypted. For data recovery needs interpreter. To get the interpreter should send an email to soft2018@tutanota.com ( soft2018@mail.ee , newsoft2018@yandex.by ) In a letter to indicate your personal identifier (see. In the beginning of this document). When contacted via e-mail does not work * Sign up for http://bitmsg.me site (online service dispatch Bitmessage)
* Write a letter to the BM-2cWp6BhKATEHEyfi1CGG4k3RuquXjaGJXB address with your address and
personal ID
Next, you need to pay for the interpreter. In a response letter you will receive the address of
Bitcoin-wallet, which is necessary to perform the transfer of funds and the amount of payment.
If you have bitcoins
* Create a Bitcoin wallet: https://blockchain.info/ru/wallet/new
* Get cryptocurrency Bitcoin:
https://localbitcoins.com/ru/buy_bitcoins (via Visa / MasterCard, QIWI Wallet via Visa and others. )
* Send the required number of BTC at the address specified in the letter
When the transfer is confirmed, you will receive interpreter files to your computer.
After starting-interpreter program, all your files will be restored.
Warranty decrypt files.
Before payment, you can send us up to 3 files for free decryption.
They should not contain sensitive information, the total file size should not exceed 10 MB.
Attention!
* Do not attempt to remove the program or run antivirus tools
* attempts self-decrypting files will result in the loss of your data
* Decoders other users are not compatible with your data since each user a unique encryption key

Advice: if your version of ransom notes has differences - please write us in comments, we try to help you to identify your virus.

Scarab Bomber ransomware

How Scarab Bomber ransomware infected your PC

Scarab Bomber, as well as Scarab Danger, comes to the computer without the user's consent as an email attachment or when spam mailing. Also, it can come bundled with other malicious software through unprotected network settings. You need to use special utilities and programs that can help to protect your PC. If Scarab Bomber has already come to your PC, then you can use our detailed recommendations to remove it right now and decrypt .bomber files. HitmanPro.Alert with CryptoGuard.

First of all, don't panic. Follow these easy steps below.

1. Start your computer in Safe Mode with networking. To do that, restart your computer before your system starts hit F8 several times. This will stop system from loading and will show Advanced boot options screen. Choose Safe mode with networking option from the options list using up and down arrows on your keyboard and hit Enter.
2. Log in to the system infected with the Scarab Bomber ransomware virus. Launch your Internet browser and download a reliable anti-malware program and start a full system scan. Once the scan is complete, review scan results and remove all entries detected.

Recommended Solution:

Norton is a powerful removal tool. It can remove all instances of newest viruses, similar to Scarab Bomber ransomware - files, folders, registry keys.

 

Download Norton*Trial version of Norton provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Norton.

Step 2: Remove following files and folders of Scarab Bomber ransomware:

Related connections or other entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\update_w32.exe
soft2018@tutanota.com
soft2018@mail.ee
newsoft2018@yandex.by

Related files:

HQ-Realtek АС 3.9.4.738.lnk
КАК ВОССТАНОВИТЬ ЗАШИФРОВАННЫЕ ФАЙЛЫ.TXT
How to decrypt coded files.txt

How to decrypt files infected by Scarab Bomber ransomware?

You can try to use manual methods to restore and decrypt your files.

Decrypt files manually

Restore the system using System Restore

system restore

Although latest versions of Scarab Bomber ransomware remove system restore files, this method may help you partially restore your files. Give it a try and use standard System Restore to revive your data.

  1. Initiate the search for 'system restore'
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

Previous versions can be copies of files and folders created by Windows Backup (if it is active) or copies of files and folders created by System Restore. You can use this feature to restore files and folders that you accidentally modified or deleted, or that were damaged. This feature is available in Windows 7 and later versions.

windows previous versions

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

Restore .bomber files using shadow copies

stellar-data-recovery

  1. Download and run Stellar Data Recovery.
  2. Select type of files you want to restore and click Next.
  3. Select the drive and folder where your files are located and date that you want to restore them from and press Scan.
  4. Once the scanning process is done, click Recover to restore your files.

Protect your computer from ransomware

hitmanpro alert with cryptoguard

Most modern antiviruses can protect your PC from ransomware and crypto-trojans, but thousands of people still get infected. There are several programs that use different approach t protect from ransomware and lockers. One of the best is HitmanPro.Alert with CryptoGuard. You may already know HitmanPro as famous cloud-based anti-malware scanner. Check out ultimate active protection software from SurfRight.

Download HitmanPro.Alert with CryptoGuard

Written by Tim Kas

Leave a Reply

Your email address will not be published. Required fields are marked *