rian20009

GEFEST 3.0 RANSOMWARE encrypted using RSA2048 algorithm


My laptop was infected by ransomware last night. After visiting a site for a software update, I suddenly found that all file extensions showed as *.*.adobe.GEFEST and *.*.adobe, and all the files were encrypted. After that I shut down my laptop, removed the OS and installed a new OS, but all my files are still encrypted and could not be decrypted at all. I got a *.*txt file titled "HOW TO RECOVER ENCRYPTED FILES.txt" and _openme.txt. The message is as below.

I am attaching an encrypted file with the message so that an altruist can get a solution to decrypt.

Please help.

 

HOW TO RECOVER ENCRYPTED FILES.TXT

_openme.txt

DSC08552.JPG.adobe.GEFEST


It looks like your files have been encrypted by two different ransomwares. The first appears to be a variant of STOP, and the second appears to be a variant of Scarab:
https://id-ransomware.malwarehunterteam.com/identify.php?case=6591928fb2a36d361027c332259e635f9067dea8

For Scarab it may be possible for Dr.Web to assist with decryption, however please note that they do not do this for free. They require you to have a license for their business Anti-Virus software before they will assist you. One of Dr.Web's resellers (Emmanuel) offers assistance on the BleepingComputer forums with contacting them to find out if your files can be decrypted. You can find more information at the following link:
https://www.bleepingcomputer.com/forums/t/651855/scarab-mich78-ransomware-scarab-scorpio-mich78usacom-support-topic/page-22#entry4516375

Note: Being a reseller, Emmanuel will make at least some money selling you the license you will need to purchase before Dr.Web will decrypt your files (assuming they can of course).

Once the files encrypted by Scarab have been decrypted, you will still need to deal with the STOP ransomware. I'll ask and see if there is any possibility of decrypting the files encrypted by it.


Michael Gillespie says you've already contacted him, so I'll let him handle this, as he's the one who made the decrypter for this ransomware. ;)
