One of our servers got infected with Phobos ransomware. 

Currently, all horizontal communication has been stopped and all servers are in shutdown condition, with all network removed.

We plan to start the physical server in safe mode and check further gradually. As there is no secure network available at the site, the latest patch update would be difficult.

Could you please share some details about standalone utilities that can help to detect the infection and deep scan.

IMG-20190513-151131170.jpg


Hello @Anand812

In the lower right corner of the screenshot there is a PHOBOS logo.

This is Phobos Ransomware. I have been tracking the activity of this ransomware since October 2017.
Until now, no one has released a free decryptor that could decrypt files of different versions.
---
You can attach the original memo file and several encrypted files to your message so that I can catalog this variant.
---
You can subscribe to this topic and receive notifications about any new cases and attempts to decrypt, if there are any in the future.

On 6/16/2019 at 7:39 AM, Anand812 said:

Could you please share some details about standalone utilities that can help to detect the infection and deep scan.

If all documents have already been encrypted, then the ransomware has almost certainly already deleted itself.

If you do want to run a scan, then we do have Emsisoft Emergency Kit which comes with a portable Anti-Virus scanner. It's normally not free for corporate use, however we do have a 30-day free trial if you are interested:
https://www.emsisoft.com/en/business/eek/

We also have a command-line scanner if you'd prefer something like that, although note that it is also bundled with Emsisoft Emergency Kit (under different licensing terms):
https://www.emsisoft.com/en/business/businessecurity/#command-line
