
Hi Everyone,

New to this forum and hoping to get some help.

My system was infected by ransomware and all affected files now have an extension .[[email protected]].phobos

The usual text file says:

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
In case of no answer in 24 hours write us to theese e-mails: [email protected]
If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected]

I've attached one of the affected files.

Has anyone managed to develop a decryptor for the above?

Your help and suggestions are greatly appreciated.

Jim

19.09,8580960.pdf.ID-F4F623F6.[[email protected]].phobos


 

It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can then paste a link to the results into a reply if you would like one of our experts to review them.

 


Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Phobos Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.


Phobos appears to use AES-256 encryption. Unless there's a flaw in their implementation of that encryption, then it is more than likely not possible to decrypt files that have been encrypted by Phobos.


You're welcome.

I recommend keeping an eye on BleepingComputer's news feed, as they regularly post news about ransomware, so if someone manages to find a way to recover files encrypted by Phobos then BleepingComputer will more than likely report on it:
https://www.bleepingcomputer.com/

If you have an RSS reader, then BleepingComputer also has an RSS feed at the following link:
https://www.bleepingcomputer.com/feed/
