Scrabber Ransomware

HiddenTear is an open-source ransomware infection whose source code is used to create new crypto-threats by malicious software developers. Scrabber Ransomware is the newest HiddenTear-based ransomware infection malware researchers have detected. Even though it is a newly-detected computer threat, it is no different than older ransomware infections. It infiltrates computers illegally and then immediately applies changes to personal data stored on the computer. To be more specific, it encrypts folders containing various personal users’ files. Surprisingly, the ransomware infection does not demand money from users. It only asks the PC/user name, so it might be possible to unlock files for free. In any event, you will still have to delete Scrabber Ransomware from the system yourself. Cyber criminals will not erase it for you even if you provide the desired information for them, we can assure you that. Luckily, Scrabber Ransomware is far from sophisticated malware, so we are sure you will delete it from your system without difficulty even if you have never erased any malicious application from your computer. Before we tell you more about the Scrabber Ransomware removal, we are going to tell you how it works.

The entrance of Scrabber Ransomware is never pleasant. This malicious application has been developed to lock personal data on users’ computers, so it scans the system the first thing after the successful entrance to find out where users’ personal files are located and then it encrypts them all. The inability to access the majority of files is the first symptom showing that the ransomware infection has entered the system successfully. All your files will be marked by appending the .junked filename extension to them, so it will definitely not take long to find out which of your files have been encrypted. Research conducted by specialists working at pcthreat.com has shown that Scrabber Ransomware targets slides, documents, pictures, and many other files. Encrypting files is not the only activity this threat performs on affected computers. Once it infiltrates users’ computers and locks data, it changes Wallpaper as well. Additionally, it executes a command to delete Shadow Volume Copies of all encrypted files. As a consequence, it is extremely hard, or even impossible, to unlock them for free. Finally, you will also find two versions of the ransom note (READ BLET.txt and ПРОЧИТАЙ БЛЭТ!.txt) dropped on your computer.

As has turned out after analyzing Russian and English versions of the ransom note dropped by Scrabber Ransomware, it does not demand money from users: “Just send the PC and user name and we Will give you the key. Okay!” Providing these details should not result in any problems, so if there are files you need back badly, you may try to contact cyber criminals by dropping an email with these details to decriptscrabber@mail.ru or trinskert@bk.ru. Please, do not pay money to cyber criminals if they ask you to do so because the chances are high that nothing will change even if you make a payment, i.e. it is very likely that your files will stay encrypted.

What about the Scrabber Ransomware distribution? According to specialists, Scrabber Ransomware should be distributed via spam emails primarily. It means that you could have allowed this threat to enter your system by simply opening one innocent-looking email attachment. Alternatively, they say that this infection, just like any other harmful computer threat, can be dropped onto selected users’ computers after hacking their RDP connections, so make sure your RDP credentials are secure. Security specialists also highly recommend keeping security software installed on the system. It will take care of all the threats you do not recognize – it will not let any of them to enter your system.

No matter what kind of computer threat you encounter, you must immediately delete it from your system. As for the Scrabber Ransomware removal, you do not need to be an expert to remove it yourself manually – it does not apply any significant modifications on affected computers. Unlike similar computer threats, this ransomware infection does not create any new registry keys. It will not disable your system utilities too if it ever enters your system. Consequently, you will erase it by simply deleting several malicious components that belong to it. Use our manual removal guide (see below) to remove them all one by one, or, alternatively, go to perform a system scan with an antimalware scanner.

How to remove Scrabber Ransomware

1. Press Ctrl+Shift+Esc.
2. Open Processes.
3. Locate and kill the malicious process of Scrabber Ransomware.
4. Close Task Manager.
5. Press Win+E.
6. Open %USERPROFILE%\Downloads.
7. Delete all recently downloaded suspicious files.
8. Remove ransom notes: READ BLET.txt and ПРОЧИТАЙ БЛЭТ!.txt from all affected directories.
9. Empty Recycle Bin.