.[[email protected]].eth

[area2001 0]

Y neeed decrypt eth files, please help me , thanks

[Amigo-A 81]

Hello. It is a pity that this happened ...

You need attach a ransom note and a few encrypted doc, jpg, png files to your first or new post.

----------------------------------------------

Let's also are clarify:

Extension look like this? - .ETH
Encrypted files look like this? - original_filename.id-XXXXXXXX.[[email protected]].ETH

Under XXXXXXXX are letters and numbers. 

If so, this means that the files are encrypted Dharma Ransomware. 

Read more: 

This '.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH' added to your files
This 'XXXXXXXX' is your ID as victim of Ransomware
This 'phobos.encrypt@qq.com' is an address of extortionists
This '.ETH' is an ending extension for your encrypted files
This '.id-XXXXXXXX.[phobos.encrypt@qq.com].ETH' is an compound extension for your encrypted files

This is a general pattern of Dharma Ransomware .id-<id>.[<email>].ETH for encrypted files of version with extension .ETH
This is a pattern of Dharma Ransomware .id-<id>.[phobos.encrypt@qq.com].ETH for your encrypted files

[GT500 714]

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

[Amigo-A 81]

The result of uploading a notes and files will be the same as I described above.
Because ID Ransomware will react to the pattern and the known extension, and if already know, then to the email also.
But email can already be used in other projects from which extortionists are moving. (They usually roam like beetles from one feeder to another). 

 Dharma Ransomware also used the typical file marker and the typical name of the project for a long time. This is easy to see, but extortionists can get rid of these easily recognizable elements of "folk art". In some variants this happened.