Marsel

.acute encrypted files

Hello, @Marsel

A month ago, you were already affected by Dharma.

Now it can be either a new variant of Dharma or a new variant of Phobos Ransomware.

You already know that in order to say more precisely, you need to attach an encrypted file and both notes to the message.
It is better to archive it without a password and attach it to the message.


Depending on which Ransomware you suffered today, you will need security advice and a PC scan for malicious files.

Check PC with Emsisoft Emergency Kit to exclude re-encryption: 
http://www.emsisoft.com/en/software/eek/

Only do not select the option to delete files in quarantine, so that experts can see the result later.


Hello

 

Thank you for your support. Yes, it is the second time, because I again forgot the RDP port open, but the Symantec antivirus enterprise was installed and does not work correctly, because I got the ransomware again.

Anyway, I have some important documents, so any solution to decrypt this ransomware from anyone will help me a lot.

The infected file was 1ssas.exe Hacker Tools, as I remember, because I directly installed Malwarebytes and the virus is removed.


I will attach a .acute file.

 

Thanks

databasedc_check2019-04-05_05-50-52PM.log.id[445AE4DC-1096].[[email protected]].acute


Your file has the new extension .id[445AE4DC-1096].[[email protected]].acute

.id[445AE4DC-1096].[[email protected]].acute - full extension of the new variant of Phobos Ransomware

.id[445AE4DC-1096] - ID format typical of new versions of Phobos Ransomware

[email protected] - email of the extortionists using Phobos Ransomware

.acute - extension of this variant of Phobos Ransomware

Like the Dharma Ransomware, Phobos does not have a free decryptor.
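
The naming layout broken down in the post above, as an added example that is not part of the original thread: a small Python parser that splits such names into original name, ID, contact and extension, and groups a file listing by ID to help scope which files were renamed. The ID shape is generalized from the single sample here, the e-mail address and the extra file names are constructed, and `parse_name` and `summarize` are hypothetical names.

```python
import re
from typing import NamedTuple, Optional

# Layout from the post: <original name>.id[<ID>].[<contact e-mail>].<extension>
# Assumption: the ID shape (8 hex characters, hyphen, 4 digits) is generalized
# from the single sample in this thread; loosen it if your samples differ.
PATTERN = re.compile(
    r"^(?P<original>.+)"
    r"\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]"
    r"\.\[(?P<contact>[^\[\]]+)\]"
    r"\.(?P<extension>[A-Za-z0-9]+)$"
)

class RenamedFile(NamedTuple):
    original: str
    victim_id: str
    contact: str
    extension: str

def parse_name(filename: str) -> Optional[RenamedFile]:
    """Split a renamed file into its parts, or return None if it does not match."""
    m = PATTERN.match(filename)
    return RenamedFile(**m.groupdict()) if m else None

def summarize(filenames):
    """Group original names by (ID, extension); also return the non-matching names."""
    hits, untouched = {}, []
    for name in filenames:
        parsed = parse_name(name)
        if parsed is None:
            untouched.append(name)
        else:
            key = (parsed.victim_id.upper(), parsed.extension.lower())
            hits.setdefault(key, []).append(parsed.original)
    return hits, untouched

# Constructed listing: the first name is the thread's sample with a placeholder
# address (the real one is redacted on the page); the rest are made up.
SAMPLE = [
    "databasedc_check2019-04-05_05-50-52PM.log.id[445AE4DC-1096].[contact@example.com].acute",
    "report.docx.id[445AE4DC-1096].[contact@example.com].acute",
    "notes.txt",
    "archive.id[broken].acute",
]

if __name__ == "__main__":
    hits, untouched = summarize(SAMPLE)
    for (vid, ext), names in hits.items():
        print(f"ID {vid} / .{ext}: {len(names)} file(s): {names}")
    print("not renamed:", untouched)
```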


A malicious program can leave Trojans and stealers of personal information on your PC after its work.

It is configured to cause the most harm and can work secretly for a long time.

Check PC with Emsisoft Emergency Kit to exclude re-encryption: 
http://www.emsisoft.com/en/software/eek/

Only do not select the option to delete files in quarantine, so that experts can see the result later.

On 7/6/2019 at 5:24 AM, Marsel said:

the Symantec antivirus enterprise was installed and does not work correctly, because I got the ransomware again

It doesn't matter what security software you use. Attackers that compromise RDP will generally just turn off your security software, and do whatever they want on the system. If they can't turn it off, then they'll just terminate it, even if the security software has strong self-protection mechanisms.

The only real defense against this sort of attack is to make sure that unauthorized IP addresses cannot access the RDP port in any way.
