Marsel, posted July 4, 2019

Hello,

Has anyone on the forum found a solution for the .acute ransomware? I got all the files encrypted.

Thank you

Amigo-A, posted July 4, 2019

Hello, @Marsel

A month ago, you were already affected by Dharma. Now it can be either a new variant of Dharma or a new variant of Phobos Ransomware.

You already know that in order to say more precisely, you need to attach an encrypted file and both notes to the message. It is better to archive them without a password and attach the archive to the message.

Amigo-A, posted July 4, 2019

Depending on which ransomware you suffered from today, you will need security advice and a PC scan for malicious files.

Check the PC with Emsisoft Emergency Kit to exclude re-encryption: http://www.emsisoft.com/en/software/eek/

Just do not select the option to delete files in quarantine, so that experts can see the result later.

Marsel (Author), posted July 6, 2019

Hello,

Thank you for your support.

Yes, it is the second time, because I again forgot the RDP port open, but Symantec antivirus enterprise was installed and does not work correctly, because I got the ransomware again.

Anyway, I have some important documents, so any solution to decrypt this ransomware from anyone will help me a lot.

The infected file was 1ssas.exe, Hacker Tools as I remember, because I directly installed Malwarebytes and the virus is removed.

I will attach a .acute file.

Thanks

databasedc_check2019-04-05_05-50-52PM.log.id[445AE4DC-1096].[[email protected]].acute

Marsel (Author), posted July 6, 2019

The virus was from Process Hacker 2. It was located in Start Menu/Programs.

Amigo-A, posted July 6, 2019

Your file has a new extension: .id[445AE4DC-1096].[[email protected]].acute

.id[445AE4DC-1096].[[email protected]].acute - full extension of the new variant of Phobos Ransomware
.id[445AE4DC-1096] - ID format typical of new versions of Phobos Ransomware
[email protected] - email of the extortionists using Phobos Ransomware
.acute - extension of this variant of Phobos Ransomware

Like the Dharma Ransomware, Phobos does not have a free decryptor.

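The extension layout broken down in the post above, as an added example that is not part of the original thread: Python code that parses names of this shape from a file listing and groups them by ID, contact and extension, which is the information a helper asks for when identifying the variant. The ID pattern (8 hex digits, a dash, 4 digits) is inferred from the one sample in the thread, and the paths, IDs and addresses in SAMPLE are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Layout taken from the thread: <original>.id[<ID>].[<contact>].<extension>
# Assumption: the ID is 8 hex digits, a dash and 4 digits, as in the one sample.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]"
    r"\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[^.\[\]]+)$"
)


def parse_renamed(path):
    """Return the parts of a renamed file name, or None if it does not match."""
    match = RENAMED.match(PureWindowsPath(path).name)
    return match.groupdict() if match else None


def summarise(paths):
    """Group original names by (ID, contact, extension); list everything else."""
    groups, unmatched = defaultdict(list), []
    for path in paths:
        parts = parse_renamed(path)
        if parts is None:
            unmatched.append(path)
            continue
        key = (parts["victim_id"].upper(), parts["contact"].lower(),
               parts["ext"].lower())
        groups[key].append(parts["original"])
    return dict(groups), unmatched


# Constructed sample listing (IDs, addresses and paths are made up).
SAMPLE = [
    r"C:\data\report.docx.id[1A2B3C4D-1096].[helpdesk@example.com].acute",
    r"C:\data\db\check.log.id[1a2b3c4d-1096].[helpdesk@example.com].acute",
    r"C:\data\notes.txt",                                  # not renamed
    r"C:\data\old.id[XYZ].[helpdesk@example.com].acute",   # malformed ID
    r"D:\share\plan.xlsx.id[9F8E7D6C-2275].[other@example.org].sample",
]

if __name__ == "__main__":
    groups, unmatched = summarise(SAMPLE)
    for (victim_id, contact, ext), names in groups.items():
        print(f"id={victim_id} contact={contact} ext=.{ext} files={len(names)}")
        for name in names:
            print("   original name:", name)
    print("not matching the pattern:", unmatched)
```
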
Amigo-A, posted July 7, 2019

A malicious program can leave Trojans and stealers of personal information on your PC after it has done its work. It is configured to cause the most harm and can work secretly for a long time.

Check the PC with Emsisoft Emergency Kit to exclude re-encryption: http://www.emsisoft.com/en/software/eek/

Just do not select the option to delete files in quarantine, so that experts can see the result later.

GT500, posted July 9, 2019

On 7/6/2019 at 5:24 AM, Marsel said:
    the symantec antivirus enterprise was installed and does not work correctly because i get again the ransomware

It doesn't matter what security software you use. Attackers that compromise RDP will generally just turn off your security software, and do whatever they want on the system. If they can't turn it off, then they'll just terminate it, even if the security software has strong self-protection mechanisms. The only real defense against this sort of attack is to make sure that unauthorized IP addresses cannot access the RDP port in any way.