- Home
Detectable Ransomware Scarab-Bomber
Ransomware Research
Scarab-Bomber Ransomware
Scarab-Bomber is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on May 1, 2018, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Scarab-Bomber
- First Seen
- May 1, 2018
How Scarab-Bomber Ransomware Works
Targeted Files
https://www.hybrid-analysis.com/sample/96e8ad58e2d5a12f62157f7f76d8c06330871379e2be0dfdfb74e0973041dc13/63de607caedcb24dbe1d70f0 https://app.any.run/tasks/37701682-5e6c-4d83-a581-9232a78cc7c5/ https://app.any.run/tasks/5491aa1e-3de0-4a8c-8f16-e565851549d8/ https://twitter.com/demonslay335/status/1183113858854113280 https://app.any.run/tasks/4e70ee5a-bd01-459f-a770-742f1d85c72a/
File Encryption Patterns
Scarab-Bomber modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..bomber_test_build
..bomber
..deep
..ukrain
..sdk
..glutton
..hitler
..iudgkwv
..helpersmasters@airmail.cc
..yourhope@airmail.cc
..wewillhelp@airmail.cc
..stevenseagal@airmail.cc
..ironhead
..rap
..nano
..moncrypt
..aescrypt
..crabs
..fuchsia
..kes$
..alilibat
..o$l
..sfs
..lbkut
Ransom Note and Payment Demands
After encrypting files, Scarab-Bomber displays ransom notes demanding payment for file recovery:
HOW TO RECOVER ENCRYPTED FILES.TXT
Ransom message:
notes/HOW TO RECOVER ENCRYPTED FILES.TXT
Note locations:
EveryFolder
!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT
Ransom message:
notes/!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT
How to restore files.TXT
Ransom message:
notes/How to restore files.TXT
Note locations:
EveryFolder
How to restore encrypted files.txt
Ransom message:
notes/How to restore encrypted files.txt
PLEASE READ.TXT
Ransom message:
notes/PLEASE READ.TXT
Note locations:
EveryFolder
HOW TO DECRYPT FILES.TXT
Ransom message:
notes/HOW TO DECRYPT FILES.TXT
DECRYPT FILES.TXT
Ransom message:
notes/DECRYPT FILES.TXT
Инструкция по расшифровке.TXT
Ransom message:
notes/Инструкция по расшифровке.TXT
DECRYPT.TXT
Ransom message:
notes/DECRYPT.TXT
Инструкция по расшифровке o$l.TXT
Ransom message:
notes/Инструкция по расшифровке o$l.TXT
КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT
Ransom message:
notes/КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT
Note locations:
EveryFolder
ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ.TXT
Ransom message:
notes/ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ.TXT
Note locations:
EveryFolder
Инструкция по расшифровке файлов.TXT
Technical Indicators
Associated Executable Files
The following executable files are associated with Scarab-Bomber ransomware:
ScarabRansomwareUPX.exe
osk.exe
Where Million
file000_osk.exe
myfile.exe
msvcp_win.dll
deep.exe
d3dcompiler_43.dll
Abandon
Abandon.exe
sevnz.exe
Initiatives
Initiatives.exe
1.exe
_.scr.exe.bin
ap1.exe_
ap1.exe
Racks
nero.exe
nero.bin
seek1011_output_8cr64.exe
svchoste.exe
29. 08. 2019 .scr
Elastio Can Help You
Don't let Scarab-Bomber ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Scarab-Bomber ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Scarab-Bomber.
Last updated: July 30, 2025