Recommended Posts

This may be Phobos. I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify if that's the case:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Share this post


Link to post
Share on other sites
On 3/21/2020 at 2:19 PM, GT500 said:

Here's the result and also I attached the encrypted file

https://id-ransomware.malwarehunterteam.com/identify.php?case=0d955540c2fad3b95ba564f84fa004e6b1335b9c

You can attach a copy of the ransom note and an encrypted file to a reply, which will help us identify the ransomware for you. Either drag and drop them into the reply field, or use the "choose files" link next to the paperclip icon at the bottom of the reply field.

 

info.txt db2.txt.id[425FE343-2692].[[email protected]].Devos

Share this post


Link to post
Share on other sites

Unfortunately it isn't possible to decrypt files that have been encrypted by the Phobos ransomware.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.