Jump to content

GEFEST 3.0 RANSOMWARE encrypted using RSA2048 algorithm

Recommended Posts

My laptop infected by a ransomware last night. after visiting a site for a software update, i have suddenly revealed by all files extension showed as  *.*.adobe.GEFEST and *.*.adobe. and all the files encrypted. after that i shut downed by laptop and remove the OS and install new OS. but my all files still encrypted and could not decrepit at all. i got a *.*txt file titled as "HOW TO RECOVER ENCRYPTED FILES.txt" and _openme.txt. the message as below.

i am attaching a encrypted files with the message so that an altruist can get a solution to decrypt.

please help.





Link to comment
Share on other sites

It looks like your files have been encrypted by two different ransomwares. The first appears to be a variant of STOP, and the second appears to be a variant of Scarab:

For Scarab it may be possible for Dr.Web to assist with decryption, however please note that they do not do this for free. They require you to have a license for their business Anti-Virus software before they will assist you. One of Dr.Web's resellers (Emmanuel) offers assistance on the BleepingComputer forums with contacting them to find out if your files can be decrypted. You can find more information at the following link:

Note: Being a reseller, Emmanuel will make at least some money selling you the license you will need to purchase before Dr.Web will decrypt your files (assuming they can of course).

Once the files encrypted by Scarab have been decrypted, you will still need to deal with the STOP ransomware. I'll ask and see if there is any possibility of decrypting the files encrypted by it.

Link to comment
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...