Scorpionlocker Ransomware

What is Scorpionlocker Ransomware?

Scorpionlocker Ransomware is also known as H34rtbl33d Ransomware. The researchers who first encountered the threat noticed that it encrypts files and appends the .H34rtBl33d extension to their names, which is why they named the malware after it. After some time, however, it turned out that the malicious application could append different extensions, so it was decided it would be best to call it differently. The name Scorpionlocker Ransomware comes from a particular server URL address (h34rtbl33d.scorpionlocker.xyz) used by the cybercriminals who created the infection. The rest of this article covers how the malicious application works, its possible distribution methods, and so on. At the end of the page we also provide manual removal instructions for users who decide to get rid of the infection instead of paying the ransom and putting their savings at risk, so if you need any assistance with its deletion, feel free to use these steps.

Where does Scorpionlocker Ransomware come from?

Scorpionlocker Ransomware could travel with malicious spam emails, software installers, fake updates, and so on. Our researchers at Anti-spyware-101.com say that to stay away from such data, users should avoid suspicious emails, torrent and other file-sharing web pages, etc. If you download data from unreliable sources, we advise scanning it with a legitimate antimalware tool first. This way, if it contains anything malicious, the tool should detect it and warn you about it. Thus, if your computer is not yet protected by such a tool, we would recommend considering one to keep your system safe from threats you may yet encounter in the future.

How does Scorpionlocker Ransomware work?

Scorpionlocker Ransomware’s first task should be encrypting photographs, videos, archives, and other files created by the user. It is possible the malware could target program data as well, but we have no doubt it would leave files belonging to Windows or programs created by Microsoft untouched, since otherwise the device might become unbootable and the infection could not display a ransom note. Like most other ransom notes, the message should ask victims to trust the cybercriminals who created the malware and pay them the requested amount of Bitcoins. In return, the hackers may claim they will decrypt your data or send you a decryptor so you can do it yourself. Needless to say, these are empty promises: these people can do whatever they want, and you will have no way to complain or get your money back. In fact, if they realize you are willing to pay for your personal data, they might try to extort even more money from you. Therefore, instead of paying the ransom, we recommend replacing encrypted files with copies from removable media devices, cloud storage, etc. However, it would be safer to eliminate the malicious application before doing so.

How to remove Scorpionlocker Ransomware?

We could suggest deleting the malware manually, but before deciding, you should probably take a look at the instructions available below. If you think you can handle this process, we encourage you to use these steps and get rid of Scorpionlocker Ransomware on your own. For users who find the instructions too complicated, we would advise picking a legitimate antimalware tool instead. After performing a full system scan, it should locate the malicious application. Once the scan is over, the tool is supposed to display a removal button, and by clicking it you should be able to erase all identified threats at the same time.

Display hidden files and folders

Windows 8/10

  1. Press Windows key+E.
  2. Choose View and select Options.
  3. Click Change folder and search options.
  4. Select the View tab again and mark Show hidden files, folders and drives.
  5. Click OK.

Windows 7/Vista

  1. Open Control Panel from the Start menu.
  2. Go to Appearance and Personalization.
  3. Choose Folder Options and select the View tab.
  4. Tap Show hidden files, folders and drives.
  5. Press OK.

Windows XP

  1. Open Start and launch Control Panel.
  2. Navigate to Appearance and Themes.
  3. Select Folder options and go to the View tab.
  4. Choose Show hidden files and folders.
  5. Click OK.

Eliminate Scorpionlocker Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Go to the Task Manager.
  3. Find a suspicious process related to the malware.
  4. Select this process and press the End Task button.
  5. Exit Task Manager and tap Windows key+E.
  6. Locate your Desktop, Temporary Files, and Downloads folders.
  7. Look for a malicious file that got the system infected.
  8. Right-click the file you suspect and press Delete.
  9. Check the two listed directories:
    %HOMEDRIVE%
    %LOCALAPPDATA%
  10. Look for files called Setup.exe or other suspicious executables in both paths.
  11. Right-click the described data and press Delete.
  12. Go to %LOCALAPPDATA% once more.
  13. Look for a directory called H34rtBl33d or with another suspicious title.
  14. Right-click the described folder and press Delete.
  15. Erase all ransom notes created by the malware.
  16. Close the File Explorer.
  17. Press Windows key+R, type Regedit and click OK.
  18. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  19. Find the value name created by the infection; it might have a random title.
  20. Right-click the mentioned value name and select Delete.
  21. Look for these two paths:
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing
    HKLM\SOFTWARE\Microsoft\Tracing
  22. Right-click keys called H34rtBl33d_RASMANCS or H34rtBl33d_RASAPI32 and press Delete.
  23. Close the Registry Editor.
  24. Empty Recycle bin.
  25. Restart the computer.
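
The locations named in the steps above can be checked in one pass before deleting anything. The following PowerShell script is an added example, not part of the original instructions; the function name is hypothetical, and it is read-only: it only reports the files, folders and registry entries listed above so each hit can be reviewed.

```powershell
# Added example: read-only check for the artifacts named in the removal steps.
# Nothing is deleted; review each hit before removing it by hand.
function Find-ScorpionlockerArtifacts {   # hypothetical helper name
    $hits = @()

    # Steps 9-10: Setup.exe directly in %HOMEDRIVE% and %LOCALAPPDATA%
    foreach ($dir in @("$env:HOMEDRIVE\", $env:LOCALAPPDATA)) {
        $file = Join-Path $dir 'Setup.exe'
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $hits += [pscustomobject]@{ Type = 'File'; Item = $file }
        }
    }

    # Steps 12-13: H34rtBl33d directory under %LOCALAPPDATA%
    $folder = Join-Path $env:LOCALAPPDATA 'H34rtBl33d'
    if (Test-Path -LiteralPath $folder -PathType Container) {
        $hits += [pscustomobject]@{ Type = 'Folder'; Item = $folder }
    }

    # Steps 18-19: the Run value may have a random name, so list every
    # value with its data for manual review instead of matching on a name.
    $run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runKey = Get-Item -LiteralPath $run -ErrorAction SilentlyContinue
    if ($runKey) {
        foreach ($name in $runKey.GetValueNames()) {
            $hits += [pscustomobject]@{
                Type = 'Run value (review)'
                Item = "$name = $($runKey.GetValue($name))"
            }
        }
    }

    # Steps 21-22: Tracing keys in both the 64-bit and Wow6432Node views
    $bases = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Tracing',
             'HKLM:\SOFTWARE\Microsoft\Tracing'
    foreach ($base in $bases) {
        foreach ($name in 'H34rtBl33d_RASMANCS', 'H34rtBl33d_RASAPI32') {
            $key = Join-Path $base $name
            if (Test-Path -LiteralPath $key) {
                $hits += [pscustomobject]@{ Type = 'Registry key'; Item = $key }
            }
        }
    }
    $hits
}

Find-ScorpionlockerArtifacts | Format-Table -AutoSize -Wrap
```

Run values are listed in full because legitimate software also registers there; only the entry pointing at the malicious executable should be removed.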