Home / Spyware Help / Scarab-DD Ransomware Removal Guide

Scarab-DD Ransomware Removal Guide

by 0 Comments

Do you know what Scarab-DD Ransomware is?

Scarab-DD Ransomware is one of the newest members in the Scarab family of ransomware infections. Just a quick reminder – it consists of a number of crypto-threats, including Scarab-Good Ransomware, Scarab-Glutton Ransomware, and Scarab-Cybergod Ransomware. What unites all these infections is that they mercilessly lock files on computers they manage to affect. Ransomware infections do so in order to obtain money from users easier. Speaking about Scarab-DD Ransomware, it does not tell victims that they will have to pay a ransom. Users are only told that they need to send an email message to the provided email address to get the decoder. We are sure you will be asked to pay for it once you contact cyber criminals. In some cases, users need their files so badly that they are ready to pay for the decryptor. It is very likely that you read this article because you need your files back too, but we still cannot let you transfer money to cyber criminals. Sorry. Cyber criminals are not the most reliable people in the world for sure, so they might forget all their promises quickly after receiving the payment sent to them. Therefore, instead of considering whether or not you should purchase the decryptor, delete this threat mercilessly. Free decryption software available on the web may help you to unlock some files after you erase Scarab-DD Ransomware. Also, you could restore encrypted files from a backup if you have ever backed up your files at least once. Sadly, this backup could have been encrypted as well if you have been keeping it on your affected PC.

Let’s talk about the Scarab-DD Ransomware modus operandi in more detail. Once this nasty threat enters computers, it immediately locks all files found on the system and then appends the .DD filename extension to all of them. Once files are completely encrypted and can no longer be accessed by users, Scarab-DD Ransomware drops HOW TO RETURN FILES.txt on affected computers. This text file contains a message with a little ascii image. It will inform you about the encrypted files. On top of that, you will find out that you need a special tool to unlock your files with. There is an email address belonging to ransomware developers indicated in the ransom note, but if you are not ready to pay money to cyber criminals for the decryption tool, do not even bother writing emails. Even though it is not written in the ransom note dropped on your PC, we are sure you will be asked to pay money for that tool, and there is nothing really smart about that because it is unclear whether malware developers will give this tool to you. They might take your money but do not give you the decryptor, and, to be frank, you could not do anything to force them to send it to you, which is why specialists are strictly against sending payments to malware developers. They might not only give you the promise tool, but they might also use your money to develop new threats that you might encounter yourself in the future.Scarab-DD Ransomware Removal GuideScarab-DD Ransomware screenshot
Scroll down for full removal instructions

According to specialists, it is very likely that Scarab-DD Ransomware has locked files on your computer because you have recently launched a malicious email attachment, or you have downloaded malware masqueraded as some kind of legitimate application. The second Scarab-DD Ransomware is successfully installed on the system, it immediately creates a new registry key and places its entry in the Run registry key. Additionally, it temporarily creates an executable system.exe in %APPDATA% but deletes it automatically after encrypting found data. Also, you will find a ransom note dropped on your PC.

You need to remove Scarab-DD Ransomware ASAP no matter it has locked important files on your PC or not because it will undoubtedly cause you more problems if you keep it active. To delete this infection, you must remove all its components one by one, especially the entry created in the Run registry key and the malicious executable file launching the ransomware infection. Our instructions will help you – find them below.

Remove Scarab-DD Ransomware

  1. Press Win+R.
  2. Enter regedit and click OK.
  3. Access HKEY_CURRENT_USER\Software\TKkSNYcSIApyI and delete this registry key (keep in mind that its name is random and might change).
  4. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  5. Delete the Value named TKkSNYcSIApyI (it may have another name but it will point to notepad.exe “C:\Users\user\HOW TO RETURN FILES.TXT").
  6. Close Registry Editor and open Windows Explorer.
  7. Go to %USERPROFILE%.
  8. Delete HOW TO RETURN FILES.TXT.
  9. Remove all suspicious files you have downloaded recently.
  10. Empty your Recycle Bin.

In non-techie terms:

Scarab-DD Ransomware locks files and drops a ransom note on the affected computer. The ransom note does not demand money directly, but it contains an email a victim has to drop an email message to in order to get a decryptor. We can assure you that you will be asked to pay money to get it, and this is the worst users can do, in our opinion. You simply do not know whether you could unlock your files after you transfer money, so why should you bother making payments to cyber criminals? Delete the ransomware infection fully instead!