Scrabber Ransomware

Posted by Sarah Stewart on November 29, 2018

What is Scrabber Ransomware?

Cyber criminals have not stopped developing new ransomware infections on the HiddenTear engine yet because Scrabber Ransomware, a new HiddenTear-based ransomware infection, has been spotted in the wild by malware researchers. It seems that the ransomware infection targets both Russian and English-speaking users because it drops a ransom note in both languages after encrypting users’ personal files. At first glance, it acts as an ordinary ransomware infection; however, unlike ordinary computer threats, it seems that it does not demand money from users who fall victim to it. It only asks them to send a PC name and a user name (these are the same unless there is more than one PC user created). We cannot promise that your files will be unlocked once you do so even though the message dropped on victims’ computers claims that the ransomware infection has not been developed to obtain money from users: “We are not scammers and do not pursue the purpose of collecting money, do not file a complaint against us, please’ (taken from the English version of the ransom note dropped). Cyber criminals will not remove Scrabber Ransomware from the system for you either – you will have to do so yourself. No matter what you decide to do, i.e. whether or not you send the PC/user name to the ransomware developer, do not forget that you must fully remove this infection no matter what.

What does Scrabber Ransomware do?

Scrabber Ransomware has been designed to lock files on affected computers, so if it ever enters your system one day too, you will find a bunch of folders with .doc, .docx, .xls, .xlsx, .ppt, .pdf, .mov, .lnk, .html, .dp, .iso, and many other files locked on your PC. Encrypted files should be marked by the threat by appending the .junked extension to all of them. Unlike similar threats, Scrabber Ransomware does not rename any encrypted personal files, so it may seem at first glance that they are fine. The ransomware infection will also change your Wallpaper and delete Shadow Volume Copies of all affected files, making it impossible to restore encrypted files using these copies. You should also find a ransom note displayed to you on your Desktop. Two text files (ПРОЧИТАЙ БЛЭТ!.txt and READ BLET.txt) will be dropped on your system as well once the ransomware infection encrypts files successfully. If you read the ransom note, you will find out that your files have been locked using the AES-256 encryption. Surprisingly, the ransomware infection does not demand money. It tells users to send their PC/user names to decriptscrabber@mail.ru or trinskert@bk.ru instead. It is not very likely that cyber criminals could cause more problems by only knowing your PC/user name, so it is worth giving this a shot if you have encountered Scrabber Ransomware, and all your important files have been encrypted. Alternatively, if you have a backup of your files, you can simply restore them all today by transferring them to your PC after deleting the infection.

Where does Scrabber Ransomware come from?

The distribution of Scrabber Ransomware remains a secret because this threat is not that prevalent so that it could be possible to make any conclusions; however, experienced specialists working at anti-spyware-101.com suspect that this malicious application is also mainly distributed via spam emails as an email attachment. Additionally, you may encounter it if you keep your RDP connection poorly secured. Cyber criminals might hack it and drop malware onto your computer in no time. There are many other harmful threats that can be distributed using this particular distribution method.

How to delete Scrabber Ransomware

As research has shown, Scrabber Ransomware does not belong to the group of sophisticated malware, so its removal should be quick and easy. First of all, check for any suspicious/unknown processes in Task Manager and kill them. Then, delete the recently opened file that could be associated with Scrabber Ransomware. Last but not least, remove all versions of the ransom note dropped by Scrabber Ransomware. Are you looking for a quicker malware removal method? In this case, you should use an antimalware scanner to clean threats from your system instead of deleting malicious components manually one by one.

Scrabber Ransomware removal guide

  1. Tap Ctrl+Shift+Esc.
  2. Under Processes, locate the malicious ransomware process and kill it.
  3. Close Task Manager.
  4. Delete all suspicious files you have downloaded recently (check the Downloads folder).
  5. Remove all ransom notes (READ BLET.txt and ПРОЧИТАЙ БЛЭТ!.txt) dropped on your PC.
  6. Empty Trash. 100% FREE spyware scan and
    tested removal of Scrabber Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *