Threat Database Ransomware Scarab-Coronavirus Ransomware

Scarab-Coronavirus Ransomware

By GoldSparrow in Ransomware

The Coronavirus Ransomware is a crypto-virus that belongs to the Scarab Ransomware family. Like any other member of this family, the Coronavirus Ransomware takes hold of your files with the intent to:

  • Launch full-blown data encryption
  • Modify your Windows Interface
  • Tamper with System Startup.

Each encrypted file gets the '.coronavirus' extension located right next to its real one. That’s where this Scarab offshoot gets its name from. Before you see how your file names have got a new appendix, however, you may notice a different wallpaper on your desktop. Upon successful infection, you will see a ransom note in the form of a text file planted in each encrypted folder. The note is titled "HOW TO RECOVER ENCRYPTED FILES.TXT" and reads as follows:

Your personal identifier: [random_characters]


Your documents, photos, databases, save games and other important data has been encrypted.
Data recovery requires a decoder.
decryption of files for money
contact us by telegram login @decryptorbomber
contact us by
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).

*files affected by viruses are not treated by antivirus software
Don't waste your time. Write to the hacker by contact.
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.'

Similar to other popular ransomware threats out there, the Coronavirus Ransomware embeds a ransom note full of grammatical errors. Nevertheless, it clearly demands infected PC users to contact the underlying cybercriminals if they want to stand any chance of getting their data back. The crooks exude a fair amount of self-confidence when it comes to successful decryption, as evidenced by their generous offer to restore three files at the victim’s discretion.

Every cybergang engaged in ransomware attacks urges victims to contact them by mail, and the guys behind the Coronavirus Ransomware make no exception. Affected victims are urged to send a letter to '' to learn how much they will have to pay to lay their hands on a working decryption tool or key. However, infected users may also contact '@decryptobomber' on the Telegram Messenger service.

The Coronavirus Ransomware spreads via malware-laden email attachments primarily, but you also may catch it in web advertisements and sites littered with a corrupted code.

Successful removal of the very Coronavirus Ransomware installation files may be possible through the Windows Safe Mode With Networking feature. Full data recovery, on the other hand, is contingent upon the presence of intact Shadow Volume Copies of your encrypted files.


Most Viewed