Scarab-Glutton Ransomware Removal Guide

Do you know what Scarab-Glutton Ransomware is?

You have no choice when it comes to the removal of Scarab-Glutton Ransomware. This infection MUST be removed, and that must be done as quickly as possible. Ideally, you would eliminate it as soon as it found its way into your operating system. Unfortunately, in most cases, victims of this malware realize that they need to get rid of it only after the infection messes with personal files. The infection was created to find and encrypt all kinds of personal files, including work documents and valuable photos. Most people nowadays understand the importance of backing up data, and we hope that you too have backups either on external drives or virtual clouds, and you do not even need to think about how to decrypt files. In any case, your priority should be to delete Scarab-Glutton Ransomware. In this report we discuss how the threat acts and how to eliminate it from the Windows operating system. If you are curious, please continue reading.

The name of Scarab-Glutton Ransomware is a traitor, and it is obvious that the infection comes from the well-known Scarab Ransomware family. A few other infections that belong to it are Scarab-Cybergod Ransomware, Scarab-Deep Ransomware, and Scarab-Bomber Ransomware. These infections usually spread using spam emails and unguarded remote access to the system. Once executed, they quickly begin the encryption using unique encryption keys that cannot be decoded easily. Every infection acts in the same way, more or less, but every one of them attaches unique extensions to the files they encrypt. The malicious Scarab-Glutton Ransomware uses the “.glutton” extension, and if you find it appended to your personal files, there is no doubt that these files were encrypted. Unfortunately, the extension is not removed and files are not decrypted when you delete the ransomware. This means that there is no way out, as far as recovery of files goes, and that is exactly what the creator of the infection wants to make you think.Scarab-Glutton Ransomware Removal GuideScarab-Glutton Ransomware screenshot
Scroll down for full removal instructions

Right after encryption, Scarab-Glutton Ransomware creates a file called “!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT.” Copies of this file are created everywhere where you can find encrypted files. The purpose of this file is to introduce you to a message that cyber attackers have for you. According to this message, you must email gluttonBD@protonmail.com to confirm that you are “ready to pay for decryption key.” Obviously, if you emailed cyber criminals, they would respond with instructions on how to pay the ransom, which we do not recommend doing. In many cases, the sums requested are simply ridiculously big, and victims cannot afford to pay them; however, smaller ransoms can be requested too, and victims might be more willing to pay them. Whether big or small, you do not want to pay the ransom because you cannot guarantee that the creator of Scarab-Glutton Ransomware would give you a decryptor in return. If you were provided with the key, we’d be surprised.

Do you want to delete Scarab-Glutton Ransomware? We are sure that you do, but you might hesitate to initiate the process if your files are on the line. The truth is, however, that your files are likely to be lost regardless of whether or not you pay the ransom before you initiate the removal. Therefore, we suggest that you get rid of this malware right away. The instructions below show how to do it manually, but you should think if installing anti-malware software is not a better solution. You must be worried about other threats invading your operating system in the future, but you can leave your worries behind by installing anti-malware software. Use it to protect you and remove existing malware automatically.

Remove Scarab-Glutton Ransomware

  1. Tap keys Win+E to launch Windows Explorer.
  2. Enter %APPDATA% into the dialog box at the top.
  3. Delete the file named PresentationFontCache.exe if was not erased automatically after encryption.
  4. Delete the file named winupmgr.exe.
  5. Enter %UERPROFILE% into the dialog box at the top.
  6. Delete the file named !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT. Erase all copies too.
  7. Tap keys Win+R to launch RUN.
  8. Enter regedit.exe to launch Registry Editor.
  9. In the pane on the left navigate to HKEY_CURRENT_USER\Software\.
  10. Delete the [random name] key associated with the ransomware.
  11. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  12. Delete the [random name] value linked to the !!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT file.
  13. Delete the Windows Update Manager value linked to the winupmgr.exe file.
  14. Empty Recycle Bin and then quickly use a malware scanner to perform a full system scan and check for malware leftovers that still might require removal.

In non-techie terms:

You should install anti-malware software, back up your files, stay away from spam emails, secure remote access channels, and be cautious about security backdoors to keep Scarab-Glutton Ransomware away because if this malicious threat slithers in, it can encrypt files. Unfortunately, decrypting them is not possible at this time. While a free decryptor might be created in the future, it certainly does not exist now. This leaves you with no options, and you might start thinking that you should try communicating with cyber criminals and, maybe, paying the ransom. This is a terrible idea because cyber criminals are good at taking money but terrible and keeping their promises and providing you with anything in return. Basically, if you decide to pay the ransom, do not get your hopes up about obtaining a decryptor. You can delete Scarab-Glutton Ransomware manually, but our recommendation is to use an anti-malware tool to get rid of this infection because of the protection it can provide you with afterward. Hopefully, you can recover your personal files from backups.