Harmony

Phobos .adame Ransomware


Hi everyone, newbie here, lovely to meet you all.

I've been infected (well, my PC has) with the dreaded Phobos Ransomware. I know there is no key yet for it but just wondered if anyone else has had any luck getting their files back without paying the criminals.

I did have most of my files backed up but not all of them, as I had just come back from holiday and had not had time to back up all my holiday photos and work documents. The files that have been infected are really precious, so I am really upset.

On 10/31/2019 at 11:58 PM, GT500 said:

Your files were encrypted by a newer variant of STOP/Djvu that uses a more secure form of encryption. Since your ID isn't an offline ID, it won't be possible for the decrypter to decrypt your files.

It may be possible that law enforcement will catch the criminals some day, and release the private keys so that we can add them to our database to allow decryption of everyone's files, so we recommend making a backup of all of your encrypted files in case this happens some day.

I contacted the UK Cyber Crime Unit and UK Action Fraud and my IP Provider. I did manage to grab the criminals' IP, but then I suppose they are using various VPNs.

I refuse to pay the ransom; goodness knows how much it would be anyway.

43 minutes ago, Amigo-A said:

Now the situation is different with the new STOP Ransomware variants:
.gero, .hese, .xoza, .seto, .peta, .moka, .meds, .kvag, .domn, .karl, .nesa, .boot, .noos, .kuub, .reco, .bora, .leto, .nols, .werd, .coot, .derp, .nakw, .meka, .toec

Most files will never be decrypted. It will take millions of years to advance one step in decryption, but even this does not lead to decryption of files.

To prevent this from happening, you need to better protect your PC and not use any pirated and hacked software. 

Of course, licensed use is an expensive pleasure, but there are many legitimate analogues of those paid programs that are commonly used around the world.

My files are encrypted with .adame, which is Phobos ransomware apparently.

As I said above, I had just come back from holiday and had not had time to back up all my holiday photos and work documents.

I never use software that is not paid for and I have McAfee Total Protection plus Malware Bytes, paid for legally. I never use pirated or hacked software, so I am perplexed as to how my PC got infected, and I am now beginning to wonder just who it is that is behind these attacks, as there are 'companies' making a lot of money from this.

Perhaps all is not what it seems with these Ransomware infections? Paranoid much? You bet I am.

But I have it all logged with UK Action Fraud and the Police, and it's not what you know, it's who you know that helps, as they say.

 

 

 

 

I would believe that there's still nothing that can be done about the Phobos ransomware, however Amigo-A may remember something that I don't (once he realizes that you're a victim of Phobos and not STOP/Djvu).


Yes, apparently I made an error with the topic. It was already night...

There are many more victims of STOP than of Phobos Ransomware. But it takes second position, after STOP Ransomware.

We do not know any decryptors for Phobos that we could recommend to you.

---

In this case, the entire police force is not enough to track down and detain the extortionists. For this black ransomware business, any police actions seem like a mosquito bite.

On 11/5/2019 at 7:45 AM, GT500 said:

I would believe that there's still nothing that can be done about the Phobos ransomware, however Amigo-A may remember something that I don't (once he realizes that you're a victim of Phobos and not STOP/Djvu).

Thanks GT500, I think my PC has more than .adame / Phobos on it. 😢

 

On 11/5/2019 at 8:20 AM, Amigo-A said:

Yes, apparently I made an error with the topic. It was already night...

There are many more victims of STOP than of Phobos Ransomware. But it takes second position, after STOP Ransomware.

We do not know any decryptors for Phobos that we could recommend to you.

---

In this case, the entire police force is not enough to track down and detain the extortionists. For this black ransomware business, any police actions seem like a mosquito bite.

Thanks Amigo-A

Mosquito bites can happen a lot and be nasty!

I think my PC has more than the .adame / Phobos infection, and McAfee have been told where to take their inept firewall and total protection! No open ports on the PC, no torrents, no illegal software, so how this happened is beyond me. I can only hope that there is a decryptor soon and that the dark forces behind this are stopped and caught.

 

 

On 11/10/2019 at 1:24 AM, Harmony said:

I think my PC has more than the .adame / Phobos infection

In this case, you need to check the PC for active malware. 

Here is a recommendation from @GT500

On 11/7/2019 at 9:57 AM, GT500 said:

Let's try getting a log from FRST, and see if it shows any installed security software. You can find instructions for downloading and running FRST at the following link:
https://help.emsisoft.com/en/1738/how-do-i-run-a-scan-with-frst/

@GT500 will answer you after reviewing the reports.


You can attach log files to a reply here. When you click in the field to type your reply, you can drag and drop files into the reply field, or you can access the attachment controls at the bottom.
