Jump to content


Visiting Expert
  • Content Count

  • Joined

  • Last visited

  • Days Won


Amigo-A last won the day on December 4 2020

Amigo-A had the most liked content!

Community Reputation

136 Excellent

About Amigo-A

  • Rank
    Ransomware Expert
  • Birthday August 1

Contact Methods

  • Website URL

Profile Information

  • Gender
  • Location
    3rd station from Sun
  • Interests
    Collection, catalogization and publication of information about Ransomware. Cooperating support of 'ID Ransomware' (in English and Russian). I work without off-time days and holidays. Пишите мне на русском, если знаете этот язык.

Recent Profile Visitors

4961 profile views
  1. https://id-ransomware.malwarehunterteam.com/identify.php?case=e6d10c8b565a4e2c3a5a539e45d5e81dcc2911e2 My guess is confirmed. This is Phobos Ransomware. The extortionists changed the ransom note slightly.
  2. No. We need original files of notes, the picture will not do in this case. We see many imitators, the extortionists copy some elements to deceive.
  3. This is similar to the Phobos Ransomware variant Attach a ransom note and several different encrypted files to your message.
  4. You need to wait. A support specialist will tell you how best to do it. We have a time difference of 10-11 hours. This new variant of "STOP ransomware" and needs to research.
  5. You can use this tool to check your PC. https://www.emsisoft.com/en/home/antimalware/ Wait for a response from a support technician to help you with an active PC infection.
  6. This ransomware may still be active on your system. It is necessary to check the PC and save the found malicious files in quarantine. Thanks! You read that right. For a long time, this Help remains valid. Unfortunately, if the ransomware was performing online-encryption, then most likely the files will not be able to decrypt. But each case requires study. Extortionists can change something at any time.
  7. Yes, this is a new variant STOP Ransomware. Soon, a support specialist will explain the situation with the decryptor to you. You can also read help on this case.
  8. We are back at that time. Phobos Ransomware Here is the text of the note from extortionists: Emails: [email protected], [email protected] Under "XXXXXXXX-XXXX" your ID: 4A8BBA50-2275 Sample: https://app.any.run/tasks/a6176a03-8f98-4322-992d-0162647a2286/
  9. Open the system drive (usually drive C:) and look for the Personal ID.txt file there If there are no PersonalID.txt and _readme.txt files, then attach several encrypted files to the message. Just in case.
  10. This is the result of the Matrix Ransomware attack.
  • Create New...