tsankov, posted February 16, 2019

Hi Everyone,

New to this forum and hoping to get some help. My system was infected by ransomware and all affected files now have an extension .[[email protected]].phobos

The usual text file says:

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] In case of no answer in 24 hours write us to theese e-mails: [email protected] If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected]

I've attached one of the affected files. Has anyone managed to develop a decryptor for the above? Your help and suggestions are greatly appreciated.

Jim 19.09,8580960.pdf.ID-F4F623F6.[[email protected]].phobos

stapp, posted February 16, 2019

It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/

You can then paste a link to the results into a reply if you would like one of our experts to review them.

tsankov, posted February 16, 2019

Thanks for the reply. Here is the link with the result: https://id-ransomware.malwarehunterteam.com/identify.php?case=cce9e9c7dc76baa51ee3fd12d3ebf344af061bf4

quietman7, posted February 17, 2019

Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Phobos Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities.

If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.

GT500, posted February 18, 2019

Phobos appears to use AES-256 encryption. Unless there's a flaw in their implementation of that encryption, then it is more than likely not possible to decrypt files that have been encrypted by Phobos.

tsankov, posted February 18, 2019

I know it wasn't going to be easy. Thank you, everyone, for the effort.

GT500, posted February 19, 2019

You're welcome. I recommend keeping an eye on BleepingComputer's news feed, as they regularly post news about ransomware, so if someone manages to find a way to recover files encrypted by Phobos then BleepingComputer will more than likely report on it: https://www.bleepingcomputer.com/

If you have an RSS reader, then BleepingComputer also has an RSS feed at the following link: https://www.bleepingcomputer.com/feed/