tsankov

.[[email protected]].phobos INFECTION

By tsankov, in Ransomware First Aid

Recommended Posts

tsankov    0

tsankov
Posted

Hi Everyone,

New to this forum and hoping to get some help.

My system was infected by ransomware and all affected files now have an extension .[[email protected]].phobos

The usual text file says:

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
In case of no answer in 24 hours write us to theese e-mails: [email protected]
If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] or [email protected]

I've attached one of the affected files.

Has anyone managed to develop a decryptor for the above.

Your help and suggestions are greatly appreciated.

Jim

19.09,8580960.pdf.ID-F4F623F6.[[email protected]].phobos

Share this post

Link to post
Share on other sites

stapp    123

stapp
Posted

 

 It is  recommended to upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can then paste a link to the results into a reply if you would like one of our experts review them.

 

Share this post

Link to post
Share on other sites

quietman7    0

quietman7
Posted

Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Phobos Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. If feasible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.

Share this post

Link to post
Share on other sites

GT500    518

GT500
Posted

Phobos appears to use AES-256 encryption. Unless there's a flaw in their implementation of that encryption, then it is more than likely not possible to decrypt files that have been encrypted by Phobos.

Share this post

Link to post
Share on other sites

GT500    518

GT500
Posted

You're welcome.

I recommend keeping an eye on BleepingComputer's news feed, as they regularly post news about ransomware, so if someone manages to find a way to recover files encrypted by Phobos then BleepingComputer will more than likely report on it:
https://www.bleepingcomputer.com/

If you have an RSS reader, then BleepingComputer also has an RSS feed at the following link:
https://www.bleepingcomputer.com/feed/

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.