
Scarab-Gefest Ransomware

Posted: April 18, 2019

The Scarab-Gefest Ransomware is a file-locking Trojan that encrypts your files automatically. These attacks are part of an extortion campaign in which the threat actor sells possible help with a decryption solution that restores your files to usable formats. Having backups to protect your work is an excellent defense against the consequences of infections, and most anti-malware products should prevent its installation or remove the Scarab-Gefest Ransomware effectively.

The Scarab Ransomware Lays a Fertile Egg

Ransomware-as-a-Service remains bustling for some families more than others, with the Scarab Ransomware being an unquestionably dominant force in the RaaS marketplace. One branch that Russia-focused security researchers continue to explore is the Scarab-Gefest Ransomware, which consists of an increasing number of minor variants. Unlike many file-locking Trojans, there's some hope of recovering their work for victims without backups, although most users can serve themselves best by avoiding the situation in the first place.

The Scarab-Gefest Ransomware is a major jumping-off point from the previous versions of the Scarab Ransomware, and samples of it imply that it's being updated up to version 3.0. It uses AES as its algorithm of preference for locking files, and targets a substantial list of formats like DOC, PDF, JPG, GIF, XLS, RAR and other media. Although the Scarab-Gefest Ransomware marks these non-working files by appending an extension, malware researchers see diverging versions of the Trojan with different tags (such as 'GEFEST,' 'Gefest3,' 'GFS,' and 'CRABSLKT').

Beyond blocking files and removing their Shadow Volume Copy backups, the Scarab-Gefest Ransomware creates a ransoming message ('HOW TO RECOVER ENCRYPTED FILES.TXT') that's slightly different in content from the old Scarab Ransomware equivalents. The Scarab-Gefest Ransomware's version is in English, but with poor formatting and several grammar issues. The threat actors are still selling their decryptor for Bitcoins, however, and give one 'free sample' instead of the three. Interestingly, the address in one version of the Scarab-Gefest Ransomware is identical to one in an old Hermes Ransomware campaign – possibly, the threat actor isn't finding much success in his extortion attempts.
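For responders scoping an infection, the extension tags and ransom-note name above can drive a quick read-only sweep of a disk or share. The following is an added example, not code from this article's authors: the function names are hypothetical, the case-insensitive matching is an assumption, and the sample tree consists of constructed empty files.

```python
import os
import tempfile
from collections import Counter

# Indicators quoted in the article; case-insensitive matching is an assumption.
EXTENSION_TAGS = {"gefest", "gefest3", "gfs", "crabslkt"}
RANSOM_NOTE = "how to recover encrypted files.txt"

def triage(root):
    """Summarise appended-tag files and ransom notes found under root."""
    tags, notes, dirs = Counter(), [], set()
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            lower = name.lower()
            if lower == RANSOM_NOTE:
                notes.append(os.path.join(dirpath, name))
                dirs.add(dirpath)
                continue
            # The tag is appended to the original name, so only the final
            # suffix counts: "report.doc.GEFEST" -> "gefest".
            stem, dot, suffix = lower.rpartition(".")
            if dot and stem and suffix in EXTENSION_TAGS:
                tags[suffix] += 1
                dirs.add(dirpath)
    return {"tags": tags, "notes": sorted(notes), "directories": sorted(dirs)}

def build_sample_tree(root):
    """Create a constructed sample tree of empty files (not real samples)."""
    layout = {
        "docs": ["report.doc.GEFEST", "budget.xls.Gefest3",
                 "HOW TO RECOVER ENCRYPTED FILES.TXT"],
        "pics": ["photo.jpg.GFS", "clean.png"],
        "misc": ["archive.rar.CRABSLKT", "notes.txt", ".gfs"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        for tag, count in sorted(result["tags"].items()):
            print(f"{count} file(s) tagged .{tag}")
        for path in result["notes"]:
            print("ransom note:", path)
        for path in result["directories"]:
            print("affected directory:", path)
```

The per-directory list shows which folders to restore from backup first, and the tag counts indicate which variant touched the machine.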

Crushing a Scarab Underneath Your Heel

The Scarab-Gefest Ransomware's slapdash communications hamper the clarity for which some of its relatives, like the Scarab-Fuchsia Ransomware, the Scarab-kitty Ransomware, the Scarab-Enter Ransomware, and the Scarab-DD Ransomware, are well-known. However, the text notes it drops don't have any effect on its encryption, which is a potent obstacle between Windows PC owners and their media. Users can contact cyber-security analysts with file-locking Trojan experience for their help on decrypting any content, but malware experts don't recommend relying on any solution other than establishing secure and well-updated backups.

Preventing attacks provides an even surer means of saving files from encryption or deletion. Two particularly high-traffic infection vectors for Scarab Ransomware's family members are as follows:

  • Servers and networks with weak passwords are vulnerable to being brute-forced, a technique that guesses the credentials for logging in so that remote attackers can drop threats like the Scarab-Gefest Ransomware. Better password management will inhibit this attack strategy.
  • Spam e-mails are another effective form of threat introduction, but require the victim to click on a link or attached document. Either method may pretend that the associated file is a bill or other content that's interesting to the victim, and can include such techniques as decoy documents, corrupted macros, or undetectable software vulnerabilities.

Most versions of this family of file-locking Trojans evade cyber-security solutions poorly. The presence of any updated anti-malware product should help with deleting the Scarab-Gefest Ransomware securely or stop its installation and the requisite locking of your files.

As a sizable branch of an already-large family, the Scarab-Gefest Ransomware build of the Scarab Ransomware shows that Ransomware-as-a-Service is far from done. To the contrary, it's thriving on the backs of victims who aren't following even the most basic of security precautions.
