Home / Spyware Help / Scrabber Ransomware Removal Guide

Scrabber Ransomware Removal Guide

by 0 Comments

Do you know what Scrabber Ransomware is?

Scrabber Ransomware is a malicious application that appends the .junked extension to its encrypted files. Since it enciphers data located on the victim’s computer with a robust encryption algorithm, the files become unusable without a specific decryption key. The strange part is the malware’s ransom note does not ask for money, even though most of these malicious applications are created for money extortion. It is possible the hackers seek to convince their victims to contact them this way. Later on, they could start asking for money, which is why we would recommend not to take any chances. Those who agree with us that dealing with the hackers behind Scrabber Ransomware might be risky could erase the malware by following the removal guide available below. However, if you cannot decide what to do yet, you could simply continue reading our report.

Unprotected Remote Desktop Protocol connections or Spam emails is how Scrabber Ransomware might find a way into your system. Knowing this, we would encourage you to take extra precautions. For starters, you should make sure your system has no vulnerabilities, whether it would be weak passwords or outdated software. Next, our computer security specialists advise being cautious when receiving files via email you did not expect to get. Inspecting the sender’s email address does not take a lot of time, and it can help you notice details suggesting the address could be forged, which means the attachment could come from cybercriminals. In such a case, you should scan it with a reputable antimalware tool to double check or merely erase it if you are sure it is not anything significant.

The sample we tested did not work correctly; still, we managed to find a lot of various details about Scrabber Ransomware’s working manner. Our computer security specialists say the malicious application should target various personal files, such as photos, documents, videos, archives, and so on. Afterward, the affected files are supposed to get the .junked extension that should be seen at the end of each file’s title. Right after encrypting user’s data the malware might change user’s Desktop wallpaper.

What’s more, it is supposed to drop a couple of text documents with messages from the cybercriminal who developed Scrabber Ransomware. One of the files should contain text written in English and the other one written in Russian. According to both of them, the hackers developed the infection and encrypted their victims’ files, not for money. If you believe them, you can get decryption key and other needed tools by writing them via email. As tempting as it may sound, we doubt these people will give you free decryption tools. Despite what they say in the note, they could demand a payment or the free decryption tools might appear to be more malware. Therefore, if you do not want to take any risks, we would recommend erasing the threat.

To delete Scrabber Ransomware manually, you could complete the removal steps available below in the given order. Naturally, for some of you the instructions might appear to be a bit too challenging, in which case, we would recommend leaving this task to a reputable antimalware tool of your choice.

Erase Scrabber Ransomware

  1. Click Ctrl+Alt+Delete simultaneously.
  2. Pick Task Manager.
  3. Take a look at the Processes tab.
  4. Locate a process associated with this malicious program.
  5. Select this process and tap the End Task button.
  6. Click Windows Key+E.
  7. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%Desktop
    %USERPROFILE%Downloads
  8. Find a file launched when the system got infected, right-click the malicious file and select Delete.
  9. Locate the malware’s ransom notes (READ BLET.txt and ПРОЧИТАЙ БЛЭТ!.txt); right-click them and press Delete.
  10. Leave File Explorer.
  11. Empty Recycle bin.
  12. Restart the computer.

In non-techie terms:

Scrabber Ransomware is a malicious file-encrypting threat could be spread through unsecured Remote Desktop Protocol connections or Spam emails. The bad news is it can do a lot of damage to user’s data if it manages to settle in. As you see the infection locks user’s data and the only way to restore, it is to use a unique decryption key. The problem is it might be impossible to get it as such data is supposed to be generated during the encryption process and is available only to the malware’s creators. Even though they claim they are not going to ask for a ransom, we find it difficult to believe as such tools are mainly used for money extortion. If you do not think the hackers can be trusted either we advise ignoring the ransom note. To delete the infection, you could follow the removal guide placed above this text or employ a reputable antimalware tool of your choice. Lastly, if you have any backup copies do not forget you can use them to replace encrypted files as soon as the computer is malware-free again.