tsankov 0 Report post Posted February 16 Hi Everyone, New to this forum and hoping to get some help. My system was infected by ransomware and all affected files now have an extension .[[email protected]].phobos The usual text file says: All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] In case of no answer in 24 hours write us to theese e-mails: [email protected] If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected] I've attached one of the affected files. Has anyone managed to develop a decryptor for the above. Your help and suggestions are greatly appreciated. Jim 19.09,8580960.pdf.ID-F4F623F6.[[email protected]].phobos Quote Share this post Link to post Share on other sites
stapp 128 Report post Posted February 16 It is recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can then paste a link to the results into a reply if you would like one of our experts review them. Quote Share this post Link to post Share on other sites
tsankov 0 Report post Posted February 16 Thanks for the replay. Here is the link with the result: https://id-ransomware.malwarehunterteam.com/identify.php?case=cce9e9c7dc76baa51ee3fd12d3ebf344af061bf4 Quote Share this post Link to post Share on other sites
quietman7 0 Report post Posted February 17 Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Phobos Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time. Quote Share this post Link to post Share on other sites
GT500 572 Report post Posted February 18 Phobos appears to use AES-256 encryption. Unless there's a flaw in their implementation of that encryption, then it is more than likely not possible to decrypt files that have been encrypted by Phobos. Quote Share this post Link to post Share on other sites
tsankov 0 Report post Posted February 18 I know it wasn't going to be easy. Thank you, everyone, for the effort Quote Share this post Link to post Share on other sites
GT500 572 Report post Posted February 19 You're welcome. I recommend keeping an eye on BleepingComputer's news feed, as they regularly post news about ransomware, so if someone manages to find a way to recover files encrypted by Phobos then BleepingComputer will more than likely report on it:https://www.bleepingcomputer.com/ If you have an RSS reader, then BleepingComputer also has an RSS feed at the following link:https://www.bleepingcomputer.com/feed/ Quote Share this post Link to post Share on other sites
