Jump to content

Infected by Dewar virus {SAD FACE}


Recommended Posts

Hello Antiviral Masters,

I'm a postgraduate resercher in SUSTech university, China. One of my colleagues'  computer was hecked by a kind of virus with .dewar suffix name that changed all the names of files and made them inaccessible. We are doing biomedical research and those data including his graduate thesis are very important for his graduation and career life. The infection may happen from the local area network he built for sending data that links to one equipment computer. The hacker asks for 1.6 bitcoins which is totally unaffordable for us... We have found  many tools on your website but it seems like none of them is designed for this one. Can those research data and documents be recovered? I have attached some related pics that has some detailed info. I'm looking forward to your reply and thank you very much.

Best Wishes

Mike

b&bo=oAU4BAAAAAARJ4k!&rf=viewer_4

b&bo=oAU4BAAAAAARF7k!&rf=viewer_4b&bo=oAU4BAAAAAARF7k!&rf=viewer_4

Link to comment
Share on other sites

Hello. It’s good that you presented screenshots of ransom-notes. I can identify this ransomware. This is one of the new Phobos Ransomware options.
The extortionists from Phobos have been behind this for many years have been attacking computers of people around the world with impunity. They use a secure encryption method, so it is not possible to obtain a decryption key even with an original decoder/decryptor.
Specialists from different countries tried to get decryption keys in alternative ways. While there is no way to get decryption keys without paying a ransom.
We do not recommend paying ransomware, as this stimulates them to new attacks. But if the encrypted files are very dear to you, you can use an alternative contact method with extortionists, which representatives of the support service will tell you about if they read this topic.

  • Like 1
Link to comment
Share on other sites

I added this variant to my article, made a link to this topic. Unfortunately, that’s all I can help. It is recommended that you store encrypted files in a safe place. It is possible that in the future a new decryption method will be found or decryption keys will get to decryption specialists. So it was with other encryptors.

Link to comment
Share on other sites

On 4/10/2020 at 1:08 PM, Amigo-A said:

I added this variant to my article, made a link to this topic. Unfortunately, that’s all I can help. It is recommended that you store encrypted files in a safe place. It is possible that in the future a new decryption method will be found or decryption keys will get to decryption specialists. So it was with other encryptors.

 

On 4/10/2020 at 12:57 PM, Amigo-A said:

Hello. It’s good that you presented screenshots of ransom-notes. I can identify this ransomware. This is one of the new Phobos Ransomware options.
The extortionists from Phobos have been behind this for many years have been attacking computers of people around the world with impunity. They use a secure encryption method, so it is not possible to obtain a decryption key even with an original decoder/decryptor.
Specialists from different countries tried to get decryption keys in alternative ways. While there is no way to get decryption keys without paying a ransom.
We do not recommend paying ransomware, as this stimulates them to new attacks. But if the encrypted files are very dear to you, you can use an alternative contact method with extortionists, which representatives of the support service will tell you about if they read this topic.

Thank you very very much for this in time reply although the result is as our expected. I'm sure the justice will eventually defeat evil and this nusty creeper who made this ransomware will pay for his rabid evildoings eventually. Thank you for the efforts on making the world better~

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...