Ransomware Research

Scarab-Bomber Ransomware

Scarab-Bomber is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on May 1, 2018, this ransomware has been actively targeting systems worldwide.

Quick facts

Ransomware Family

Scarab-Bomber

First Seen

May 1, 2018

How Scarab-Bomber ransomware works

File encryption patterns

Scarab-Bomber modifies encrypted files using specific patterns to mark them as encrypted:

Extensions added after encryption

.bomber_test_build.bomber.deep.ukrain.sdk.glutton.hitler.iudgkwv.helpersmasters@airmail.cc.yourhope@airmail.cc.wewillhelp@airmail.cc.stevenseagal@airmail.cc.ironhead.rap.nano.moncrypt.aescrypt.crabs.fuchsia.kes$.alilibat.o$l.sfs.lbkut

Ransom note and payment demands

After encrypting files, Scarab-Bomber displays ransom notes demanding payment for file recovery:

fileHOW TO RECOVER ENCRYPTED FILES.TXT

notes/HOW TO RECOVER ENCRYPTED FILES.TXT

Location: EveryFolder

file!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT

notes/!!!HOW TO RECOVER ENCRYPTED FILES!!!.TXT

fileHow to restore files.TXT

notes/How to restore files.TXT

Location: EveryFolder

fileHow to restore encrypted files.txt

notes/How to restore encrypted files.txt

filePLEASE READ.TXT

notes/PLEASE READ.TXT

Location: EveryFolder

fileHOW TO DECRYPT FILES.TXT

notes/HOW TO DECRYPT FILES.TXT

fileDECRYPT FILES.TXT

notes/DECRYPT FILES.TXT

fileИнструкция по расшифровке.TXT

notes/Инструкция по расшифровке.TXT

fileDECRYPT.TXT

notes/DECRYPT.TXT

fileИнструкция по расшифровке o$l.TXT

notes/Инструкция по расшифровке o$l.TXT

fileКАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT

notes/КАК РАСШИФРОВАТЬ ФАЙЛЫ.TXT

Location: EveryFolder

fileВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ.TXT

notes/ВАШИ ФАЙЛЫ ЗАШИФРОВАНЫ.TXT

Location: EveryFolder

fileИнструкция по расшифровке файлов.TXT

Technical indicators

Associated executable files

The following executable files are associated with Scarab-Bomber ransomware:

ScarabRansomwareUPX.exe
osk.exe
Where Million
file000_osk.exe
myfile.exe
msvcp_win.dll
deep.exe
d3dcompiler_43.dll
Abandon
Abandon.exe
sevnz.exe
Initiatives
Initiatives.exe
1.exe
_.scr.exe.bin
ap1.exe_
ap1.exe
Racks
nero.exe
nero.bin
seek1011_output_8cr64.exe
svchoste.exe
29. 08. 2019 .scr

About this analysis

This Scarab-Bomber ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery, helping organizations defend against and recover from ransomware attacks like Scarab-Bomber.

Last updated: December 30, 2025

Detection coverage

Elastio detects Scarab-Bomber inside your data and backups.

The Hunt Engine uses Deep File Inspection to identify Scarab-Bomber across live data, replicated data, and backups. If this family is in your environment, Elastio finds it before encryption completes. Run a scan against your recovery points to confirm.

See How the Hunt Engine Works Request a Demo

Recent ransomware

Explore other threats in our database

Wxlongda2025 VeilCrypt2025 TitanLabooboo2025 SolidBit2022 SnapHackLocker2024 PySystemUpdate2025 PySimCrypt2025 Monkey2025 Lol2025 HWID2025

View all ransomware →

Scarab-Bomber Ransomware

Quick facts

How Scarab-Bomber ransomware works

File encryption patterns

Ransom note and payment demands

Technical indicators

Associated executable files

About this analysis

Elastio detects Scarab-Bomber inside your data and backups.

Recent ransomware

Product

Sales

Support

Company

Solutions

Partners

Resources

Security

Social

Compare