Scarab-Horsia Ransomware Description
The Scarab-Horsia Ransomware is a ransomware Trojan that belongs to a family known as Scarab, a group of ransomware Trojans that first started to appear in April 2018. The Scarab-Horsia Ransomware functions like most encryption ransomware Trojans, encrypting victims' files by using a strong encryption algorithm and demanding payment of a ransom in exchange for the decryption key needed to restore the affected files. The Scarab-Horsia Ransomware is delivered to victims through corrupted spam email attachments, which will often utilize inserted macro scripts to download and install the Scarab-Horsia Ransomware onto the victim's computer.
How the Scarab-Horsia Ransomware Attacks a Computer
The Scarab-Horsia Ransomware makes the victim's files inaccessible, changing the victim's desktop background into a simple text message over a black background with the following message:
All your files have been encrypted!
If you want to restore them, write us to email@example.com'
The Scarab-Horsia Ransomware uses the AES encryption to make the victim's files inaccessible. The Scarab-Horsia Ransomware targets a wide variety of the user-generated files, which include the file types:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.
The Scarab-Horsia Ransomware marks the files encrypted by its attack by adding the file extension '.firstname.lastname@example.org' to each affected file's name. The Scarab-Horsia Ransomware delivers a ransom note in the form of a text file dropped onto the victim's computer. This file, named 'HOW TO RECOVER ENCRYPTED FILES.txt,' contains the following text:
Your files are now encrypted!
Your personal identifier:
[26 RANDOM CHARACTERS]
All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
Contact us using this email address: email@example.com
If you don't get a reply or if the email dies, then contact us to firstname.lastname@example.org
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 10Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.).
How to obtain Bitcoins?
* The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price:
* Also you can find other places to buy Bitcoins and beginners guide here:
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
Dealing with the Scarab-Horsia Ransomware
The payment of a ransom to the Scarab-Horsia Ransomware or contacting the people responsible for its attack is never a recommended course of action. Instead, computer users should take steps to ensure that their data is safe from these threats. Having file backups on cloud storage or external mechanisms, combined with a strong security application, is the best protection against threats like the Scarab-Horsia Ransomware.
Do You Suspect Your PC May Be Infected with Scarab-Horsia Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Scarab-Horsia Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.