How to remove Scarab-Bomber Ransomware and decrypt .alibabat files

What is Scarab-Bomber Ransomware?

The developers of the Scarab Ransomware family, which is very common, constantly release updates, changing the settings and content of their cryptoviruses. Scarab-Bomber is a new version of Scarab Ransomware, discovered about a year ago, in June 2018. It was initially aimed at Russian-speaking users. However, Scarab-Bomber has already spread around the world. Looking ahead, remind you that you need to remove Scarab-Bomber Ransomware and decrypt .alibabat files immediately after detection, and here’s why. Scarab-Bomber encrypts user data using the AES-256-CBC algorithm. Also, Scarab-Bomber assigns a new extension to encrypted files, which makes files unsuitable for further use. The most recent extension is .alibabat (previously Scarab-Bomber used .bomber, bomber_test_build, .deep, .ukrain, .glutton, .hitler, .lolita, .harry, .kes$ and so on). Moreover, the virus renames files using Base64. After completing the encryption of user files, Scarab-Bomber creates a text file, which is a scam note. It contains information about the methods of redemption and, in fact, its value. This is what this note DECRYPT.TXT looks like:

Scarab-Bomber ransomware

All your files have been encrypted due to a security problem with your PC.
For information on decoding, please write to the e-mail
Your files are now encrypted!
Your personal identifier:
Now you should send us email with your personal identifier.
Contact us using this email address:
Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
The total size of files must be less than 5Mb (non archived), and files should not contain
valuable information (databases, backups, large excel sheets, etc.).
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.

The attackers specified an email address at which the user needs to contact them. According to the information specified in the note, the user indicates in the letter his personal ID and pays the ransom, and in return receives the decoder. In fact, there is no guarantee that your files will be truly decrypted. We recommend that you use our recommendations and instructions to remove Scarab-Bomber and decrypt .alibabat files.

How Scarab-Bomber Ransomware gets into PC?

Attackers are very sophisticated. For example, Scarab-Bomber may come along with free downloads from the Internet. Quite often Scarab-Bomber comes bundled with files of portable versions of programs. Also, a cryptovirus can penetrate your PC as an attachment to a spam mailing list or as Adobe Reader DC. In some cases, attackers use modified versions of programs designed to control a computer remotely, such as TeamViewer and Ammyy. Be that as it may, Scarab-Bomber carries a huge threat to user data. Scarab-Bomber deletes shadow copies of files and system restore points, which makes decryption almost impossible. We recommend that you carefully read our instructions and guides to remove Scarab-Bomber Ransomware and decrypt .alibabat files.

Update: Use following service to identify the version and type of ransomware you were attacked by: ID Ransomware. If you want to decrypt your files, please follow our instruction below or, if you have any difficulties, please contact us: We really can help to decrypt your files.

How to remove Scarab-Bomber from your computer?

You may try to use anti-malware tool to remove Scarab-Bomber ransomware from your computer. Newly advanced ransomware detection technology is able to run an instant ransomware scan, which is perfect to protect your computer in case of a new ransomware attack.
Download SpyHunter 5 windows compatible SpyHunter provides an opportunity to remove 1 detected malware for free during trial period. The full version of the program costs $39,99 (you get 6 months of subscription). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.

How to decrypt .Scarab-Bomber files?

Once you’ve removed the virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.

Recover data with Data Recovery

Data Recovery

  1. Download and install Data Recovery
  2. Select drives and folders with your files, then click Scan.
  3. Choose all the files in a folder, then press on Restore button.
  4. Manage export location.
Download Stellar Data Recovery The download is an evaluation version for recovering files. To unlock all features and tools, purchase is required ($49.99-299). By clicking the button you agree to EULA and Privacy Policy. Downloading will start automatically.

Restore data with automated decryption tools

Unfortunately, due to the novelty of Scarab-Bomber ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.

Restore data with Windows Previous Versions

This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:

  1. Open My Computer and search for the folders you want to restore;
  2. Right-click on the folder and choose Restore previous versions option;
  3. The option will show you the list of all the previous copies of the folder;
  4. Select restore date and the option you need: Open, Copy and Restore.

Restore the system with System Restore

You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.

  1. Type restore in the Search tool;
  2. Click on the result;
  3. Choose restore point before the infection infiltration;
  4. Follow the on-screen instructions.

Written by Rami D

Was this tutorial helpful?
[Total: 0 Average: 0]

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.