Recommended Posts

Hi Guys! I just opened my PC and I found a virus (OdTec.exe) being encrypted my files... I installed bitdefender and it found the virus... but a lot of my work has encrypted and I don't know what to do... Other people said the same about their PC! Because I force closed the virus there was no message...

All the files have this extension: .id[86A229C1-2275].[[email protected]]

 

 

Share this post


Link to post
Share on other sites

 

12 hours ago, Thanos said:

.id[86A229C1-2275].[[email protected]].Adame

As I thought, this is the result of Phobos Ransomware attack.

OdTec .exe - this may be the file that encrypted your files. 

I have already investigated several such cases in the last 24 hours.

Share this post


Link to post
Share on other sites
Quote

I force closed the virus there was no message...

After the encryption is complete, you would receive such a note with ransom requirements.

I put your ID 86A229C1-2275 in the right field. Other victims got it with their ID.

3copy.png.5a467e913c9f69c20c86a71cbbbc74d1.png
Download Image

Share this post


Link to post
Share on other sites

@PERZIVAL

We do not have a solution to this problem. For Phobos are no free file decryptors. 

Affected users of this variant of Phobos began to appear only from yesterday (here and at BC-forum).
I created a description of this version (updates are at the end of the article) in order to attract the attention of specialists and shared a sample of the harmful file of this version with the .Adame extension with the community of decoding experts. They can access it for research.

The malicious activity of Phobos Ransomware has been going on for almost 2 years. But until now, no one can release a free decryptor for Phobos Ransomware. 

Share this post


Link to post
Share on other sites

@njr2003

Everything I wrote above applies also to your case. Alas. 

But until now, no one can release a free decryptor for Phobos Ransomware. 

Share this post


Link to post
Share on other sites

Hello @chmm2100387

Previously and at the moment there is no known way to decrypt files after an attack by Phobos Ransomware. This is checked regularly as the current version or a new version of the encryptor is released.

None of those involved in decrypting files after an attack by ransomware has not yet published a decryptor or method that allows you to decrypt files or otherwise return information from files after a Phobos attack.

If you will search for new information on the Internet, then take into consideration the following info: many sites that Google gives in search results make public disinformation and offer to download fake decryption tools.

Sites that provide true information and free decryption tools:
https://www.bleepingcomputer.com/forums/f/239/ransomware-help-tech-support/
https://support.emsisoft.com/forum/83-help-my-files-are-encrypted/ 
if you want, add to them those that are in my signature. :)

These sites (forums) help victims for free. No fee is required if they can help. Experts from different countries and different nationalities gather here. If decryption becomes possible, then they and we will report on successful decryption methods in the news and on forum publications.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.