Nasir Bashir

Need help with Deal Ransomware.


Hi,

My system got infected, but this time I see that the ransomware guy forgot to remove all his exe and bat files, and all the files that were used to encrypt the data are still there. Is there a way to get the decryption key from that tool? Please let me know and I can provide those files to someone.

I am sure that since his exe was not able to close on its own, the encryption keys might still be sitting on the system. There is an application zam.exe, but it's asking for a password. Please advise.


Thanks.


.id[XXXXXXXX-2423].[[email protected]].deal

If such a long extension is added to your files, and at the end is .deal, then the files are encrypted by Phobos Ransomware.

You can check it out on the site ID Ransomware.

It has a lot of variants with different data; I do not have time to add info to the Digest "Crypto-Ransomware".

XXXXXXXX is a placeholder for the symbols in your ID. The extortionists' email address may be different.

There are no free methods for decrypting files encrypted by Phobos.

There are also no paid decryptors, except for those that the extortionists have.
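As an added triage example (not code from the thread or from Emsisoft), the following Python snippet recognises the Phobos naming pattern described above, `<original>.id[<ID>-<4 digits>].[<contact>].<ext>`, and summarises a constructed file listing by victim ID, contact address and extension. The 8-hex-character ID width and the sample contact address are assumptions, since the post shows the ID only as XXXXXXXX.

```python
import re
from collections import Counter
from pathlib import PurePath

# Phobos-style suffix: <original name>.id[<ID>-<4 digits>].[<contact>].<ext>
# The thread shows the ID only as XXXXXXXX; 8 hex characters is an assumption.
PHOBOS_RE = re.compile(
    r"^(?P<orig>.+?)\.id\[(?P<vid>[0-9A-Fa-f]{8})-(?P<variant>\d{4})\]"
    r"\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)


def parse_phobos_name(path: str):
    """Return the pattern's fields if the file name matches, otherwise None."""
    m = PHOBOS_RE.match(PurePath(path).name)
    return m.groupdict() if m else None


def triage(filenames):
    """Count encrypted vs. untouched names and group hits by ID, contact and extension."""
    hits = [p for p in (parse_phobos_name(f) for f in filenames) if p]
    return {
        "encrypted": len(hits),
        "clean": len(filenames) - len(hits),
        "ids": Counter(f"{h['vid']}-{h['variant']}" for h in hits),
        "contacts": Counter(h["contact"] for h in hits),
        "extensions": Counter(h["ext"] for h in hits),
    }


# Constructed sample listing, not real incident data; the address is a placeholder.
SAMPLE = [
    "C:/Users/nb/Documents/budget.xlsx.id[0A1B2C3D-2423].[attacker@example.invalid].deal",
    "C:/Users/nb/Documents/photo.jpg.id[0A1B2C3D-2423].[attacker@example.invalid].deal",
    "C:/Users/nb/Documents/info.txt",
    "C:/Users/nb/Desktop/notes.docx.id[0A1B2C3D-2423].[attacker@example.invalid].deal",
    "C:/Users/nb/Desktop/archive.zip",
]

if __name__ == "__main__":
    for name in SAMPLE:
        fields = parse_phobos_name(name)
        print(("ENCRYPTED " + fields["orig"]) if fields else ("clean     " + PurePath(name).name))
    print(triage(SAMPLE))
```

Feeding the output of a real directory walk into `triage()` gives a quick picture of which ID and contact address a given infection used, which is what ID Ransomware needs to classify the family.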

8 hours ago, Nasir Bashir83 said:

So is there any antivirus/anti-malware system which can protect from ransomware, apart from backups?

Emsisoft Anti-Malware has reasonable protection against ransomware, and a Behavior Blocker that's particularly good at it. Backups are still recommended, regardless of what security solution you decide to go with, and I highly recommend that you save backups on removable media (USB hard drives or SSDs, for instance) and leave them disconnected from the computer when not backing up data to them. Ransomware will encrypt data on any connected drive, and often on network shares as well, so the backup media cannot remain accessible to the computer all of the time, as this will give the ransomware the opportunity to encrypt it.


The groups behind Phobos actually compromise your system via RDP or other remote software you had open... no antivirus on the planet can protect you if someone had full control of the server.
