Scarab-Coronavirus Ransomware

Posted: June 5, 2020

Scarab-Coronavirus Ransomware Description

The Scarab-Coronavirus Ransomware is the latest offshoot of the large Scarab Ransomware family. The Scarab-Coronavirus Ransomware is run by the same hackers who operate the BOMBO Ransomware, another strain based on the Scarab Ransomware.

Once the Scarab-Coronavirus Ransomware is installed, it encrypts the user's files and instructs the victim to contact the ransomware operators. The hackers' goal is to extort money from the victim in exchange for a decryptor.

Distribution and Infection 

The Scarab-Coronavirus Ransomware is a new strain of file-encrypting malware, and it's been used in relatively few campaigns. Reports from victims suggest, however, that it's distributed with the help of illicit cracking tools that let users use paid software products for free.

The interesting thing about the Scarab-Coronavirus Ransomware is that in addition to encrypting the files, dropping the ransom note in every folder, and changing the desktop background, it also disables Windows' Task Manager, which makes dealing with the threat much more difficult.

The encrypted files receive a '.coronavirus' extension and they become unreadable immediately. A text file called 'HOW TO RECOVER ENCRYPTED FILES.TXT' is dropped in each folder, and a new desktop background tells the victim to follow the instructions in it.


The ransom note once again tells the users what has happened and tries to assure them that unless they pay the ransom, they'll never get their files back. The ransom demand isn't stated in the note, and the victim is instead told to get in touch with the hackers either through the @decryptorbomber Telegram channel or via email at

The Scarab-Coronavirus Ransomware operators also offer the free decryption of up to 3 files to prove that once they receive the payment, they can unscramble the data. To ensure that victims will not get their important information without paying the ransom, however, there are certain rules. The files, which need to be less than 10MB in size, and the hackers say that they will not decrypt valuable databases, backups or large Excel spreadsheets.

Finally, the user is warned that renaming the files will not work, and anti-virus programs are unable to decrypt the information. Here's the ransom note in its entirety:


 Your personal identifier:



Your documents, photos, databases, save games and other important data has been encrypted.

Data recovery requires a decoder.

decryption of files for money

contact us by telegram login @decryptorbomber

contact us by

Free decryption as guarantee!

Before paying you can send us up to 3 files for free decryption.

The total size of files must be less than 10Mb (non archived), and files should not contain

valuable information (databases, backups, large excel sheets, etc.).



*files affected by viruses are not treated by antivirus software

Don't waste your time. Write to the hacker by contact.

* Do not rename encrypted files.

* Do not try to decrypt your data using third party software, it may cause permanent data loss. 

* Decryption of your files with the help of third parties may cause increased price 

(they add their fee to our) or you can become a victim of a scam.'


The Scarab Ransomware family has been around for close to three years now, and as you can see, it's distributed by a number of different groups of hackers under different names and brands. Earlier versions of the Scarab Ransomware had a flaw in their encryption mechanism, and security experts were able to develop free decryptors that helped victims get their files back without paying the ransom. In June 2018, however, Scarab's developers introduced a new encryption mechanism that relies on both AES and RSA, which generates unique decryption keys for all victims.

Without access to these keys, security researchers can't create a free decryption tool for newer variants, and, unfortunately, this means that for the time being, victims of the Scarab-Coronavirus Ransomware who don't have a backup of their files have no way of recovering their data for free.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Scarab-Coronavirus Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Scarab-Coronavirus Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.