Boberto 0 Posted October 15, 2019 Report Share Posted October 15, 2019 Hey guys I got infected by a ransomware .adame Is there a way to decrypt all my files? Thanks. Quote Link to post Share on other sites
Amigo-A 136 Posted October 15, 2019 Report Share Posted October 15, 2019 Yes, I probably know which encryptor did this, but I need confirmation. Attach the original file of ransom note and several encrypted files to your message. Quote Link to post Share on other sites
quietman7 3 Posted October 18, 2019 Report Share Posted October 18, 2019 The .Adame extension has been used by both Phobos and a Scarab variant. Files encrypted by Phobos will have an <ID>-<id> with 8 random hexadecimal characters>.[<email>] followed by the .Adame extension as explained here by Amigo-A (Andrew Ivanov). <filename>.<extension>.id[F6593DDC-2275].[[email protected]].Adame <filename>.<extension>.id[70C80B9F-1127].[[email protected]].Adame <filename>.<extension>.id[AE9AE1C0-2275].[[email protected]].Adame If it does not have the <ID>-<id> with 8 random hexadecimal characters>.[<email>] pattern followed by the .Adame extension, then it is a Scarab variant. Based on infection rates, you are most likely infected with Phobos which leaves files (ransom notes) named Phobos.hta, Encrypted.txt, Data.hta, info.hta and info.txt. 1 Quote Link to post Share on other sites
nikola vasili 0 Posted January 19, 2020 Report Share Posted January 19, 2020 Hi Can I recover my files on my computer encrypted with the ".Adame" virus? can you please help me".Adame" virüsü ile şifrelenmiş bilgisayarımdaki dosyalarımı kurtarabilir miyim? lütfen bana yardım edebilir misin Quote Link to post Share on other sites
quietman7 3 Posted January 19, 2020 Report Share Posted January 19, 2020 Unfortunately, there is no known method to decrypt files encrypted by any Phobos Ransomware variants without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique (specific) for each victim and generated in a secure way that cannot be brute-forced. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.