Marsel 0 Report post Posted July 4 Hello Does anyone on forum find a solution for .acute ransomware ? I got all the files encrypted Thank you Quote Share this post Link to post Share on other sites
Amigo-A 16 Report post Posted July 4 Hello, @Marsel A month ago, you already affected from Dharma. Now it can be either a new variant of the Dharma or a new variant Phobos Ransomware. You already know that in order to say more precisely, you need to attach an encrypted file and both notes to the message. It is better to archive it without a password and attach it to the message. Quote Share this post Link to post Share on other sites
Amigo-A 16 Report post Posted July 4 Depending on which Ransomware you suffered today, you will need security advice and a PC scan for malicious files. Check PC with Emsisoft Emergency Kit to exclude re-encryption: http://www.emsisoft.com/en/software/eek/ Only do not select the option to delete files in quarantine, so that experts can see the result later. Quote Share this post Link to post Share on other sites
Marsel 0 Report post Posted July 6 Hello Thank you for your support. Yes is the second time , because again forget rdp port open but the symantec antivirus enterprise was installed and does not work correctly because i get again the ransomware Anyway i have some important documents so any solution to decrypt these ransomware from anyone will help me a lot The infected file was 1ssas.exe Hacker Tools as i remember because directly i installed Malwarebyte and the virus is removed I will attach a .acure file Thanks databasedc_check2019-04-05_05-50-52PM.log.id[445AE4DC-1096].[[email protected]].acute Quote Share this post Link to post Share on other sites
Marsel 0 Report post Posted July 6 The virus was from Process Hacker 2 It was located on Start Menu/Programs Quote Share this post Link to post Share on other sites
Amigo-A 16 Report post Posted July 6 your file with new extension .id[445AE4DC-1096].[[email protected]].acute .id[445AE4DC-1096].[[email protected]].acute - full extension of new variant of Phobos Ransomware .id[445AE4DC-1096] - ID format typical of new versions of Phobos Ransomware [email protected] - email of extortionists using of Phobos Ransomware .acute - extension of this variant of Phobos Ransomware Like the Dharma Ransomware, Phobos does not have a free decryptor. Quote Share this post Link to post Share on other sites
Amigo-A 16 Report post Posted July 7 A malicious program can leave Trojans and stealers of personal information on your PC after its work. It is configured to cause the most harm and can work secretly for a long time. Check PC with Emsisoft Emergency Kit to exclude re-encryption: http://www.emsisoft.com/en/software/eek/ Only do not select the option to delete files in quarantine, so that experts can see the result later. Quote Share this post Link to post Share on other sites
GT500 563 Report post Posted July 9 On 7/6/2019 at 5:24 AM, Marsel said: the symantec antivirus enterprise was installed and does not work correctly because i get again the ransomware It doesn't matter what security software you use. Attackers that compromise RDP will generally just turn off your security software, and do whatever they want on the system. If they can't turn it off, then they'll just terminate it, even if the security software has strong self-protection mechanisms. The only real defense against this sort of attack is to make sure that unauthorized IP addresses cannot access the RDP port in any way. Quote Share this post Link to post Share on other sites
