Nasir Bashir 0 Report post Posted September 29, 2019 Hi, My system got infected but this time I see that the ransomware guy forgot to remove all his exe, bat files and all those files are there which were used to encrypt the data. Is there a way to get the decryption key from that tool. Please let me know and I can provide those files to someone. I am sure that since his exe was not able to close on its own I think the encryption keys might still be sitting on the system. There is an application zam.exe but its asking for a password. Please advise. Thanks. Quote Share this post Link to post Share on other sites
Amigo-A 133 Report post Posted September 29, 2019 Quote .id[XXXXXXXX-2423].[[email protected]].deal If such a long extension is added to your files, and at the end is .deal, then the files are encrypted by Phobos Ransomware. You can check it out on the site ID Ransomware. He has a lot of variants with different data, I do not have time to add info in Digest "Crypto-Ransomware". XXXXXXXX - this is a replacement for symbol in your ID. The extortionists email address may be different. There are no free methods for decrypting files encrypted by Phobos. There are also no paid decryptors, except for those that extortionists has. Quote Share this post Link to post Share on other sites
Nasir Bashir83 0 Report post Posted September 29, 2019 So is there any antivirus/malware system which can protection from Ransomware except for backups. Quote Share this post Link to post Share on other sites
GT500 813 Report post Posted September 30, 2019 8 hours ago, Nasir Bashir83 said: So is there any antivirus/malware system which can protection from Ransomware except for backups. Emsisoft Anti-Malware has reasonable protection against ransomware, and a Behavior Blocker that's particularly good at it. Backups are still recommended, regardless of what security solution you decide to go with, and I highly recommend that you save backups on removable media (USB hard drives or SSD's for instance) and leave them disconnected from the computer when not backup up data to them. Ransomware will encrypt data on any connected drive, and often on network shares as well, so the backup media can not remain accessible to the computer all of the time, as this will give the ransomware the opportunity to encrypt it. Quote Share this post Link to post Share on other sites
Demonslay335 25 Report post Posted October 24, 2019 The groups behind Phobos actually compromise your system via RDP or other remote software you had open... no antivirus on the planet can protect you if someone had full control of the server. Quote Share this post Link to post Share on other sites
