Scarab-Gefest Ransomware

Posted: April 18, 2019

Scarab-Gefest Ransomware Description

The Scarab-Gefest Ransomware is a file-locking Trojan that encrypts your files automatically. These attacks are part of an extortion campaign for selling the threat actor's possible help with the decryption solution that restores your files to usable formats. Having backups for protecting your work is an excellent defense against the consequences of infections, and most anti-malware products should prevent its installation or remove the Scarab-Gefest Ransomware effectively.

The Scarab Ransomware Lays a Fertile Egg

Ransomware-as-a-Service remains bustling for some families more than others, with the Scarab Ransomware being an unquestionably dominant force in the RaaS marketplace. One branch that Russia-focused security researchers are continuing exploring is the Scarab-Gefest Ransomware, which consists of an increasing number of minor variants. Unlike many file-locking Trojans, there's some hope for victims without backups for recovering their work, although most users can serve themselves best by avoiding the situation, in the first place.

The Scarab-Gefest Ransomware is a major jumping-off point from the previous versions of the Scarab Ransomware, and samples of it are implying that it's being updated up to version 3.0. It uses AES as its algorithm of preference for locking files, which includes a substantial list of formats like DOC, PDF, JPG, GIF, XLS, RAR and other media. Although the Scarab-Gefest Ransomware marks these non-working files by appending an extension, malware researchers see diverging versions of the Trojan with different tags (such as 'GEFEST,' 'Gefest3,' 'GFS,' and 'CRABSLKT').

Beyond blocking files and removing their Shadow Volume Copy backups, the Scarab-Gefest Ransomware creates a ransoming message ('HOW TO RECOVER ENCRYPTED FILES.TXT') that's slightly different in content from the old Scarab Ransomware equivalents. The Scarab-Gefest Ransomware's version is in English, but with poor formatting and several grammar issues. The threat actors, still, are selling their decryptor for Bitcoins, however, and give one 'free sample' instead of the three. Interestingly, the address in one version of the Scarab-Gefest Ransomware is identical to one in an old Hermes Ransomware campaign – possibly, the threat actor isn't finding much success in his extortion attempts.

Crushing a Scarab Underneath Your Heel

The Scarab-Gefest Ransomware's slapdash communications hamper the clarity for which some of its relatives, like Scarab-Fuchsia Ransomwar, the Scarab-kitty Ransomware, the Scarab-Enter Ransomware, and the Scarab-DD Ransomware, are well-known. However, the text notes it drops don't have any effect on its encryption, which is a potent obstacle between Windows PC owners and their media. Users can contact cyber-security analysts with file-locking Trojan experience for their help on decrypting any content, but malware experts don't recommend relying on any solution other than establishing secure and well-updated backups.

Preventing attacks provide an even surer means of saving files from encryption or deletion. Two particularly high-traffic infection vectors for Scarab Ransomware's family members are as follows:

  • Servers and networks with weak passwords are vulnerable to being brute-forced, which estimates the credentials for logging in so that remote attacker scan drop threats like the Scarab-Gefest Ransomware. Better password management will inhibit this attack strategy.
  • Spam e-mails are another, effective form of threat introduction, but requires the victim's clicking on a link or attached document. Either method may pretend that the associated file is a bill or other content that's interesting to the victim, and can include such techniques as decoy documents, corrupted macros, or undetectable software vulnerabilities.

Most versions of this family of file-locking Trojans evade cyber-security solutions poorly. The presence of any updated anti-malware product should help with deleting the Scarab-Gefest Ransomware securely or stop its installation and the requisite locking of your files.

As a sizable branch of an already-large family, the Scarab-Gefest Ransomware build of the Scarab Ransomware shows that Ransomware-as-a-Service is far from done. To the contrary, it's thriving on the backs of victims who aren't following even the most basic of security precautions.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Scarab-Gefest Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Home Malware Programs Ransomware Scarab-Gefest Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.