area2001, posted April 26, 2019:

I need to decrypt ETH files, please help me, thanks.
Amigo-A, posted April 26, 2019:

Hello. It is a pity that this happened ... You need to attach a ransom note and a few encrypted doc, jpg, png files to your first or new post.
----------------------------------------------
Let's also clarify:
Does the extension look like this? - .ETH
Do the encrypted files look like this? - original_filename.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH
In place of XXXXXXXX there are letters and numbers.
If so, this means that the files are encrypted by Dharma Ransomware.

Read more:
This '.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH' is added to your files
This 'XXXXXXXX' is your ID as a victim of the Ransomware
This 'phobos.encrypt@qq.com' is an address of the extortionists
This '.ETH' is the ending extension for your encrypted files
This '.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH' is a compound extension for your encrypted files
This is the general pattern of Dharma Ransomware .id-<id>.[<email>].ETH for encrypted files of the version with extension .ETH
This is the pattern of Dharma Ransomware .id-<id>.[phobos.encrypt@qq.com].ETH for your encrypted files
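Added example, not part of the posts in this thread and not code from any tool mentioned in it: a small Python triage helper that checks file names against the .id-<id>.[<email>].ETH pattern described in the post above and counts matching files per ID and contact address. The function names, the sample file names and the ID value 1A2B3C4D are constructed for illustration, and the ID is assumed to be any run of letters and digits.

```python
import re
from collections import Counter

# Pattern from the post: <original_filename>.id-<id>.[<email>].ETH
# Assumption: <id> is any run of letters and digits.
DHARMA_ETH = re.compile(
    r"^(?P<original>.+)"                          # original name, dots allowed
    r"\.id-(?P<id>[A-Za-z0-9]+)"                  # victim ID
    r"\.\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]"     # contact address in brackets
    r"\.(?P<ext>ETH)$",                           # ending extension
    re.IGNORECASE,
)

def parse_name(filename):
    """Return the parts of a matching file name, or None if it does not match."""
    m = DHARMA_ETH.match(filename)
    return m.groupdict() if m else None

def summarize(filenames):
    """Count matching files per (ID, email) pair and collect non-matching names."""
    counts = Counter()
    unmatched = []
    for name in filenames:
        parts = parse_name(name)
        if parts is None:
            unmatched.append(name)
        else:
            counts[(parts["id"].upper(), parts["email"].lower())] += 1
    return counts, unmatched

# Constructed sample file names (not taken from a real incident).
SAMPLE = [
    "report.docx.id-1A2B3C4D.[phobos.encrypt@qq.com].ETH",
    "photo.final.jpg.id-1A2B3C4D.[phobos.encrypt@qq.com].ETH",
    "notes.txt",        # untouched file
    "archive.ETH",      # .ETH ending alone is not the compound extension
    "scan.png.id-1A2B3C4D.[phobos.encrypt@qq.com].eth",
]

if __name__ == "__main__":
    counts, unmatched = summarize(SAMPLE)
    for (victim_id, email), n in counts.items():
        print(f"id={victim_id} email={email} files={n}")
    print("not matching the pattern:", unmatched)
```

More than one (ID, email) pair in the output would mean the listing mixes files from different infections or contact addresses.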
GT500, posted April 26, 2019:

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.
Amigo-A, posted April 29, 2019:

The result of uploading the note and files will be the same as I described above, because ID Ransomware will react to the pattern and the known extension, and, if it is already known, to the email as well. But the email can already be used in other projects that the extortionists are moving from. (They usually roam like beetles from one feeder to another.)

Dharma Ransomware also used the typical file marker and the typical name of the project for a long time. This is easy to see, but the extortionists can get rid of these easily recognizable elements of "folk art". In some variants this happened.