Scarab-Horsuke Ransomware

If you are seeing a picture of a hacker sitting on a funny-looking grey horse, you most likely encountered a threat called Scarab-Horsuke Ransomware. It encrypts various private files located on the computer and asks its owner to contact the malware’s creators. It should also mention the victim would have to pay for decryption. Apparently, the price depends on how fast the user emails the hackers. However, before even considering such an option you should know there are no guarantees the malicious program's developers will help you. The thing is their offer for decrypting three small files as a guarantee only shows they can unlock such data. Unfortunately, while they might be able to do it does not mean they will. These people could start asking for more money or trick you in other ways, which is why we do not recommend dealing with them. It seems to us it would be safer to get rid of Scarab-Horsuke Ransomware and think of another way to get encrypted files back. To learn more about the malware, we invite you to read the rest of the article, and if you need assistance while removing it, we could suggest checking the instructions located below the text.

Our researchers say Scarab-Horsuke Ransomware could be spread through Spam emails or unreliable RDP (Remote Desktop Protocol) connections. Thus, to protect the system from similar attacks in the future, it would be advisable to update all outdated software, especially the computer’s operating system, main browser, and so on. It would also strengthen the system if you replaced weak passwords so cybercriminals could not hack into the computer. The next task is ensuring you do not interact with any suspicious content that might infect the system, for example, suspicious email attachments, unreliable software installers, annoying pop-up ads, etc. For even more protection, our researchers recommend installing a reliable antimalware tool. The tool you pick should come from reputable developers and have good reviews, ratings, etc. What’s more, it is highly advisable to keep it up to date as well.

Provided, Scarab-Horsuke Ransomware manages to get in it might replace your Desktop wallpaper with a picture we described at the beginning of this article. Next to the “funny-horse” picture, the user should also see a short message saying: “Congratulations! All your files have been encrypted! If you want to restore them, write us to horsia@airmail.cc.” An extended ransom note should be available on a text document called HOW TO RECOVER ENCRYPTED FILES.TXT. Our researchers say it is supposed to appear in all folders containing the malware’s targeted data. As you see, before doing any of this the malicious application should hide in the background so it could encrypt your personal files without being noticed. It appears to be the threat seeks to encrypt user’s pictures, photographs, video, archives, various documents, and other personal files. We believe the only data remaining unencrypted might be the files associated with the computer’s operating system or other software installed on it.

In any case, encrypted files should be easy to recognize since they are supposed to have a second extension at the end, for example, flowers.jpg.horsia@airmail.cc, and so on. The same email on Scarab-Horsuke Ransomware’s extension should be mentioned in the threat’s ransom note. As we explained earlier, the message it provides does not say how much is the ransom or where to transfer the money, but it promises the malicious application’s developers will “send you the decryption tool that will decrypt all your files” after they receive the payment. The bad news is these people cannot be trusted as it is entirely possible they might scam you. This is why instead of paying the ransom we would advise removing the malware. Then it should be safe to restore encrypted files with backup copies. If you want to know how to eliminate Scarab-Horsuke Ransomware manually, you should have a look at the instructions located below this text. The other way to delete the malicious application is to get a reliable antimalware tool and let it deal with the threat for you.

Erase Scarab-Horsuke Ransomware

1. Press Ctrl+Alt+Delete.
2. Go to the Task Manager.
3. Find the malware’s process.
4. Mark this process and click End Task.
5. Exit Task Manager.
6. Tap Win+E.
7. Navigate to:
   %TEMP%
   %USERPROFILE%\desktop
   %USERPROFILE%\downloads
8. Check if you can see the malicious file downloaded before the computer got infected.
9. Right-click the suspicious file and press Delete.
10. Go to %USERPROFILE%
11. Search for files called HOW TO RECOVER ENCRYPTED FILES.TXT and a randomly named BMP picture, for example, BzbRJxsHvQSVd.bmp.
12. Right-click the described files and press Delete.
13. Close File Explorer.
14. Press Win+R.
15. Insert Regedit and click Enter.
16. Navigate to the listed paths:
    HKEY_CURRENT_USER\Software
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
17. Find randomly named value names created by this malware, for example, BzbRJxsHvQSVd.
18. Right-click these value names and press Delete.
19. Exit Registry Editor.
20. Empty your Recycle bin.
21. Reboot the system.