Scarab-Lolita Ransomware

Posted by Sarah Stewart on February 7, 2019

What is Scarab-Lolita Ransomware?

Scarab-Lolita Ransomware is a new ransomware application in the Scarab Ransomware family. Like the threats before it, the malicious program encrypts user’s files and shows a message saying the user can get his files decrypted. For it, he has to contact the threat’s developers and pay a ransom. The problem with this deal is there are no reassurances the hackers will keep up with their promise. Meaning there is a chance the money you transfer could be lost for nothing. If you do not want to risk being scammed, we encourage you not to put up with any demands. If you erase Scarab-Lolita Ransomware, you should be able to safely restore encrypted files from backup copies located on your cloud storage or removable media device. Users who wish to remove the malware manually, but do not know how should follow the instructions found below.test

Where does Scarab-Lolita Ransomware come from?

Same as other threats from Scarab Ransomware family, Scarab-Lolita Ransomware might be spread through unreliable email attachments, installers, updates, and other data coming from questionable sources. Thus, there is no doubt one of the best ways to keep your system protected from such malicious applications is to stay away from sites distributing untrustworthy content. Another way to minimize the risk of infecting your system accidentally is to scan suspicious files with a legitimate antimalware tool before opening them. Also, users have to be careful with al email attachments that come with Spam or from people and companies they are not familiar with. Truth be told, even if you are a customer of an organization the email claims to be from, you should verify whether the email address is not forged just to be safe.

How does Scarab-Lolita Ransomware work?

At first, Scarab-Lolita Ransomware should create a copy of itself in the %APPDATA% directory. Then it ought to start an encryption process during which it is supposed to encipher various private user’s files. Also, our researchers at Anti-spyware-101.com noticed the malware could disable Registry Editor and Task Manager that it enables again only after the encryption process. It is most likely done to prevent the user from closing or removing the threat before it completes its task.

Once encrypted, user’s files should be marked with the .lolita extension. Moreover, each folder containing enciphered data should have a text document called How to restore files.TXT. Opening it ought to reveal a message from the Scarab-Lolita Ransomware’s developers who claim they can decrypt user’s files if only he pays a ransom. It is not said how much it is, but it looks like the sum may depend on how fast the victim contacts them. Naturally, we do not advise doing so as no matter what the cybercriminals may promise or say, there are no guarantees you will get the necessary decryption tools. The moment the money gets transferred you cannot take it back and so the malware’s creators can take it no matter if they deliver what they promise or not.

How to remove Scarab-Lolita Ransomware?

If you choose not to pay any attention to the ransom note and erase Scarab-Lolita Ransomware you can do so either manually or with automatic features. Our researchers recommend selecting the second option as scanning the computer with a legitimate antimalware tool and then removing the threat by clicking the displayed deletion button should be easier. However, if you think you are experienced enough, you could try to eliminate it manually, and the instructions below this text will show you how.

Eliminate Scarab-Lolita Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Click Windows key+E.
  7. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Locate the malicious application’s launcher.
  9. Right-click it and select Delete.
  10. Check this location: %APPDATA%
  11. See if there is a malicious .exe file (launcher’s copy) belonging to the malware, e.g., nero.exe.
  12. Right-click the malware’s copy and select Delete.
  13. Find files called How to restore files.txt.
  14. Right-click them and select Delete.
  15. Exit File Explorer.
  16. Empty your Recycle Bin.
  17. Restart the computer. 100% FREE spyware scan and
    tested removal of Scarab-Lolita Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *