Scarab-Apple Ransomware Removal Guide

Do you know what Scarab-Apple Ransomware is?

If you do not want to lose your personal files – and we are sure that you do not – you need to protect your operating system against Scarab-Apple Ransomware. This dangerous infection silently invades a system and scans it to find photos, videos, PDFs, DOC files, and other kinds of data. These files are encrypted using a complex algorithm, and that renders them unreadable. Once files are corrupted, nothing can be done. Unfortunately, that is not the message that the attackers behind this malware are bringing. They want the victims to believe that a decryptor allegedly capable of restoring files exists and can be purchased for a certain price. Even if it exists – which cannot be confirmed – it would be surprising if victims were given the decryptor after paying the ransom. Unfortunately, that is the only option because files cannot be recovered by deleting Scarab-Apple Ransomware.

As the name of Scarab-Apple Ransomware indicates, this infection comes from Scarab Ransomware family (other variants include .crypted034 Ransomware and Scarab-Good Ransomware). Our research team has observed this malware spreading by email and by exploiting RDP vulnerabilities. Whether or not this is how the infection got into your operating system, if it managed to slither in, your files must be encrypted. The names of these file should have been replaced with a jumble of characters, and the “.Apple” extension should have been appended. Along with these files, you should have found a file named “HELP HELP HELP.TXT.” According to our malware experts, a copy of this file should be placed in every affected folder. Inside this file, you can find a message pushing you to obtain the so-called decoder. Two methods of communication (either via email at support-hack@protonmail.com or BitMessage at BM-2cTXnB6dEE6TdHmAJCnEHp9PdsPThtS5n4) are shared, and if you are thinking about contacting cyber criminals, think if that is such a great idea.

If you contact cyber attackers, they could trick you into executing malware. They could also keep your details and flood you with malicious emails and messages in the future. Surely, that is not what you want. But how can you get the Scarab-Apple Ransomware decoder if you do not contact the attackers? If you contacted them, you would be forced to pay money, and no one can guarantee a fair exchange when it comes to cyber crooks. Of course, the choice is yours, but if you are really going to expose yourself to attackers, be careful every step of the way. Also, do not forget that you are unlikely to get what you expect even if you fulfill every single demand diligently.Scarab-Apple Ransomware Removal GuideScarab-Apple Ransomware screenshot
Scroll down for full removal instructions

If you are familiar with the Windows Registry, and you can delete files, you might be able to get rid of the malicious Scarab-Apple Ransomware manually. Of course, to succeed, you will need to find the launcher file, and we cannot tell you where it might be location on your system. The rest of the components that must be eliminated are listed in the manual Scarab-Apple Ransomware removal guide below. If you cannot delete the threat yourself, why not employ the assistance of anti-malware software? It will not only get rid of all malicious files – including those that might belong to other infections – but will also keep you, your system, and your personal files protected.

Delete Scarab-Apple Ransomware

  1. Tap Win+R to access Run and type regedit into the box to launch Registry Editor.
  2. In the pane on the left move to HKEY_CURRENT_USER\Software\.
  3. Delete the key with a random name that is linked to the ransomware.
  4. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  5. Delete the value with a random name that is linked to the ransom note file, HELP HELP HELP.TXT.
  6. Exit Registry Editor and then Delete every single copy of the HELP HELP HELP.TXT file.
  7. Empty Recycle Bin and then quickly inspect your system using a legitimate malware scanner.

In non-techie terms:

A file corrupted by Scarab-Apple Ransomware is a file lost, and so we hope that if this malicious threat invaded your operating system, there aren’t too many files that were encrypted. Once files are encrypted, they cannot be read, and the attackers are using this to sell a decoder. Although the promise is that the files would be decrypted if a ransom was paid in return for the decoder, no one knows if cyber criminals would keep their promises. It is most likely that they would not. While not much can be done about the decryption of files, every victim can and should remove Scarab-Apple Ransomware. Doing so manually can be too difficult because the threat’s launcher has a unique name and can be located in a random folder, but a legitimate anti-malware program should have no trouble removing this threat, as well as protecting the system against other clandestine and malicious threats.