Jump to content

Piotr

PiotrM

By PiotrM,
in Help, my files are encrypted!

 Share Followers 1

Recommended Posts

PiotrM

PiotrM 0

Posted
Posted

Hello

My disk is encrypted and every file has "id[48DD8B75-2415].[[email protected]].Caley" extension. I have removed infected files and viruses by AV software, but I can't decrypt files. They are unusable. Could You help me, how I have to do it? Maybe suggest me some kind of software? It is very important. I am waiting for Your advice.

greetings

Piotr

Link to post
Share on other sites
PiotrM

PiotrM 0

Posted
  • Author
Posted
On 12/3/2019 at 4:44 PM, Amigo-A said:

This is the result of an attack and format of encrypted file of Phobos Ransomware

You need to upload the ransom note and the encrypted file so that the identification on Ransomware ID service is successful.

Thanks for Your help, but it is not rcognized. I am still trying find something to decrypt files.

First message is:

Phobos

This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • sample_bytes: [0xB20EA - 0xB20F2] 0x000041444D343135

 

Click here for more information about Phobos

Second info:

Rapid

This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • ransomnote_filename: How Recovery Files.txt

 

Click here for more information about Rapid

Piotr

Link to post
Share on other sites
GT500

GT500 854

Posted
Posted
5 hours ago, PiotrM said:

Thanks for Your help, but it is not rcognized. I am still trying find something to decrypt files.

I took a look at one of the files you uploaded to ID Ransomware:

Beznazwy-12.pdf.id[48DD8B75-2415].[[email protected]].Caley.no_more_ransom How Recovery Files.txt

The extension .no_more_ransom and the ransom note appear to be from the Rapid ransomware, however the rest of the changes to the file name look like Phobos. It looks like your files were encrypted by more than one ransomware. It's not possible to decrypt files that have been encrypted by this version of Rapid, and as far as I am aware there's still no way to decrypt files that were encrypted by Phobos.

Link to post
Share on other sites
Amigo-A

Amigo-A 136

Posted
Posted

In May of this year there was already a case with the same Rapid variant.

---

You can to create a decryption request in DrWeb and provide Rapid-encrypted files and a ransom note file How Recovery Files.txt

http://legal.drweb.com/encoder/?lng=en
http://legal.drweb.ru/encoder/?lng=ru

For request of test-decryption, you do not need to make an advance payment. It's free. 

But in practice there is no hope of decrypting files after double encryption and after Phobos in particular. 

Link to post
Share on other sites
PiotrM

PiotrM 0

Posted
  • Author
Posted
19 hours ago, GT500 said:

I took a look at one of the files you uploaded to ID Ransomware:

Beznazwy-12.pdf.id[48DD8B75-2415].[[email protected]].Caley.no_more_ransomUnavailable   How Recovery Files.txtUnavailable

The extension .no_more_ransom and the ransom note appear to be from the Rapid ransomware, however the rest of the changes to the file name look like Phobos. It looks like your files were encrypted by more than one ransomware. It's not possible to decrypt files that have been encrypted by this version of Rapid, and as far as I am aware there's still no way to decrypt files that were encrypted by Phobos.

19 hours ago, GT500 said:

I took a look at one of the files you uploaded to ID Ransomware:

Beznazwy-12.pdf.id[48DD8B75-2415].[[email protected]].Caley.no_more_ransomUnavailable   How Recovery Files.txtUnavailable

The extension .no_more_ransom and the ransom note appear to be from the Rapid ransomware, however the rest of the changes to the file name look like Phobos. It looks like your files were encrypted by more than one ransomware. It's not possible to decrypt files that have been encrypted by this version of Rapid, and as far as I am aware there's still no way to decrypt files that were encrypted by Phobos.

Hello

Thank You All  for Your time and answers. I think I will wait and maybe in the future decoding will be possible, but I have no hope now :( . I am still trying find the way for my infected data recovery. Good news is, that I have a copy, but not all files. It is very strange for me,  that NOD32 AV didn't recognize viruses before infection. After infection AV recognized  problem and removed viruses, but how it is possible to agree with encoding files? So, thanks again for Your cooperation and have a nice day :)) If You will have some suggestions I will be very glad and happy, to hear something about it in the future.

Greetings

Piotr

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2021 Emsisoft - 01/19/2021 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...