Beast Ransomware Locks Victims' Files

During our examination of the malware known as Beast, we determined that it operates as ransomware. Upon infiltrating a system, Beast encrypts files, displays a ransom note, and alters filenames.

Beast appends a series of random characters, potentially a victim's ID, and adds the ".BEAST" extension to file names. For instance, "1.jpg" becomes "1.jpg.{9FBBD051-19C1-DD7D-7970-05C896B93093}.BEAST", and "2.png" becomes "2.png.{9FBBD051-19C1-DD7D-7970-05C896B93093}.BEAST".

The ransom note notifies victims that their files, including documents, photos, databases, and other vital data, have been encrypted. It advises against altering any files within zip archives and asserts that decryption is only possible through purchasing a unique decryptor from the attackers.

Moreover, it offers to decrypt one file for free upon contacting a specified email address (wangteam@skiff.com), provided the file is of little value. The note also warns against renaming or modifying encrypted files, attempting decryption with third-party software, or seeking decryption assistance from third parties to avoid potential scams or increased fees.

Beast Ransom Note in Full

The complete text of the ransom note produced by Beast reads as follows:

YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted.

If you found this document in a zip, do not modify the contents of that archive! Do not edit, add or remove files from it!

You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique decryptor.
Only we can give you this decryptor and only we can recover your files.

To be sure we have the decryptor and it works you can send an email: WangTeam@skiff.com
decrypt one file for free.
But this file should be of not valuable!

Do you really want to restore your files?
Write to email: WangTeam@skiff.com

Attention!
Do not rename or edit encrypted files and archives containing encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can You Protect Your Data from Ransomware Attacks?

Protecting your data from ransomware attacks involves implementing various preventive measures and security practices. Here are some essential steps to safeguard your data:

Backup Your Data: Regularly back up your data to an external hard drive, cloud storage, or a backup service. Ensure that backups are automated, frequent, and stored offline to prevent them from being compromised by ransomware.

Update Software Regularly: Keep your operating system, antivirus software, and other applications up to date with the latest security patches and updates. Vulnerabilities in outdated software can be exploited by ransomware attackers.

Use Antivirus and Antimalware Software: Install reputable antivirus and antimalware software on your devices and keep them updated. These programs can help detect and prevent ransomware infections.

Exercise Caution with Email Attachments and Links: Be cautious when opening email attachments or clicking on links, especially from unknown or suspicious senders. Verify the legitimacy of the sender before downloading any attachments or clicking on links.

Enable Pop-up Blockers: Enable pop-up blockers in your web browser to prevent malicious pop-ups from appearing and potentially downloading ransomware onto your system.

Use Strong Passwords and Two-Factor Authentication: Use strong, unique passwords for your accounts and enable two-factor authentication whenever possible. This adds an extra layer of security and makes it more difficult for attackers to gain unauthorized access to your accounts.