How to remove Scarab-Rebus Ransomware and recover .REBUS files

5/5 (2)

What is Scarab-Rebus Ransomware?

Scarab-Rebus (Rebus) is the newest variant of Scarab Ransomware. It renames all targeted files with Base64 encoding scheme and appends them with .REBUS extension. For example, file “mydoc.doc” will turn into “2wHNr2iP509NNRi4UQYgc.REBUS”. As usual, virus places a ransom note (REBUS RECOVERY INFORMATION.TXT) on the desktop at the end of the process where the victim will find pay method to restore encrypted files.

The contents of the ransom note (REBUS RECOVERY INFORMATION.TXT):

==============================
REBUS
==============================
YOUR FILES ARE ENCRYPTED!
Your personal ID
[redacted hex]
Your documents, photos, databases, save games and other important data was encrypted.
Data recovery the necessary decryption tool. To get the decryption tool, should send an email to:
rebushelp@airmail.cc or rebushelp@protonmail.com
If you dont get reply in 24 hours use jabber:
rebushelper@exploit.im
Letter must include Your personal ID (see the beginning of this document).
In the proof we have decryption tool, you can send us 1 file for test decryption.
Next, you need to pay for the decryption tool.
In response letter You will receive the address of Bitcoin wallet which you need to perform the transfer of funds.
If you have no bitcoins
* Create Bitcoin purse: https://blockchain.info
* Buy Bitcoin in the convenient way
https://localbitcoins.com/ (Visa/MasterCard)
https://www.buybitcoinworldwide.com/ (Visa/MasterCard)
https://en.wikipedia.org/wiki/Bitcoin (the instruction for beginners)
- It doesn't make sense to complain of us and to arrange a hysterics.
- Complaints having blocked e-mail, you deprive a possibility of the others, to decipher the computers.
Other people at whom computers are also ciphered you deprive of the ONLY hope to decipher. FOREVER.
- Just contact with us, we will stipulate conditions of interpretation of files and available payment,
in a friendly situation
- When money transfer is confirmed, You will receive the decrypter file for Your computer.
Attention!
* Do not attempt to remove a program or run the anti-virus tools
* Attempts to decrypt the files will lead to loss of Your data
* Decoders other users is incompatible with Your data, as each user unique encryption key
==============================

The note stated that to recover your files, you should send them one infected file and “personal ID”. You will then receive the decrypted file as a demonstration of their capabilities and Bitcoin address where you need to transfer money. Amount of the ransom is not specified so we can assure that it is established individually depending on the type of client. Although cybercriminals really can decrypt your data, we still urge you not to contact them as it’s fraught with money loss. The thing is that malefactors often disappear once money is transferred. But, don’t despair, the virus doesn’t delete your files which means you have a good chance to get them back. Also, keep in mind that the file decryption is meaningless unless you have the virus on a computer. Therefore, you should first stay focused on removing Scarab-Rebus Ransomware. Here you’ll find a detailed instruction to remove Scarab-Rebus Ransomware and recover your files for free.

Scarab-Rebus ransomware

How Scarab-Rebus ransomware gets on your PC?

This type of virus can be infiltrated through several methods, including a freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark Scarab-Rebus Ransomware as a trusted software program.

What to do if your PC is infected with Scarab-Rebus ransomware

As soon as you notice the presence of the ransomware on your system, you should turn your computer off. If it is possible to try to create a backup or image of your hard drive info. This may let you reserve the state of your drives in case a decryption method would be created afterward.

How to remove Scarab-Rebus ransomware?

To make sure that the ransomware won’t reappear, you need to delete Scarab-Rebus ransomware completely. For this, you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to the automatic removal tool.

Download Removal Tool

Performing an antimalware scan with SpyHunter Removal Tool would automatically search out and delete all elements related to Scarab-Rebus ransomware. It is not only the easiest way to eliminate Scarab-Rebus ransomware but also the safest and the most assuring one.

How to decrypt and restore .REBUS files

Restore files with an automatic tool

Method 1

Data Recovery Pro would help you recover your files in the absence of required decryptor.

data recovery pro tool

  1. Download Data Recovery Pro and launch it
  2. Select the drive you want to recover and click START SCAN
  3. After scanning is finished, you are presented with a list of recoverable files found.
  4. Select the required files and click the Recover

Nevertheless, there are no other tools able to restore and decrypt .REBUS files, you may try applying to the manual methods described below, however, they might not work with the latest versions of Scarab-Rebus ransomware.

Restore the system

  1. Initiate the search for system restore
  2. Click on the result
  3. Choose the date before the infection appearance
  4. Follow the on-screen instructions

Roll the files back to the previous version

  1. Right-click the file and choose Properties
  2. Open the Previous Version tab
  3. Select the latest version and click Copy
  4. Click Restore

If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting Scarab-Rebus Ransomware.

How to prevent ransomware infection

To get avoid infection with such viruses as ransomware, we advise you to use Dr.Web. Dr.Web is a powerful antimalware software that can quickly detect and remove Scarab-Rebus Ransomware with all vicious components left among system files and registry entries to make sure that it is completely gone. Dr.Web also has a feature (HTTP monitor), allowing to block access to dangerous sites in a real-time thus preventing you from being infected in the future. Just launch the scan and Dr.Web will take care of the rest.
Download Dr.Web Security Space

Leave a Reply

Your email address will not be published. Required fields are marked *