Mike Pang

Infected by Dewar virus {SAD FACE}

Recommended Posts

Hello Antiviral Masters,

I'm a postgraduate resercher in SUSTech university, China. One of my colleagues'  computer was hecked by a kind of virus with .dewar suffix name that changed all the names of files and made them inaccessible. We are doing biomedical research and those data including his graduate thesis are very important for his graduation and career life. The infection may happen from the local area network he built for sending data that links to one equipment computer. The hacker asks for 1.6 bitcoins which is totally unaffordable for us... We have found  many tools on your website but it seems like none of them is designed for this one. Can those research data and documents be recovered? I have attached some related pics that has some detailed info. I'm looking forward to your reply and thank you very much.

Best Wishes

Mike

b&bo=oAU4BAAAAAARJ4k!&rf=viewer_4

b&bo=oAU4BAAAAAARF7k!&rf=viewer_4b&bo=oAU4BAAAAAARF7k!&rf=viewer_4

Share this post


Link to post
Share on other sites

Hello. It’s good that you presented screenshots of ransom-notes. I can identify this ransomware. This is one of the new Phobos Ransomware options.
The extortionists from Phobos have been behind this for many years have been attacking computers of people around the world with impunity. They use a secure encryption method, so it is not possible to obtain a decryption key even with an original decoder/decryptor.
Specialists from different countries tried to get decryption keys in alternative ways. While there is no way to get decryption keys without paying a ransom.
We do not recommend paying ransomware, as this stimulates them to new attacks. But if the encrypted files are very dear to you, you can use an alternative contact method with extortionists, which representatives of the support service will tell you about if they read this topic.

  • Like 1

Share this post


Link to post
Share on other sites

I added this variant to my article, made a link to this topic. Unfortunately, that’s all I can help. It is recommended that you store encrypted files in a safe place. It is possible that in the future a new decryption method will be found or decryption keys will get to decryption specialists. So it was with other encryptors.

Share this post


Link to post
Share on other sites
1 hour ago, Amigo-A said:

This is one of the new Phobos Ransomware options.

Yes, this does appear to be Phobos. Unfortunately it isn't decryptable.

  • Like 1

Share this post


Link to post
Share on other sites
On 4/10/2020 at 1:08 PM, Amigo-A said:

I added this variant to my article, made a link to this topic. Unfortunately, that’s all I can help. It is recommended that you store encrypted files in a safe place. It is possible that in the future a new decryption method will be found or decryption keys will get to decryption specialists. So it was with other encryptors.

 

On 4/10/2020 at 12:57 PM, Amigo-A said:

Hello. It’s good that you presented screenshots of ransom-notes. I can identify this ransomware. This is one of the new Phobos Ransomware options.
The extortionists from Phobos have been behind this for many years have been attacking computers of people around the world with impunity. They use a secure encryption method, so it is not possible to obtain a decryption key even with an original decoder/decryptor.
Specialists from different countries tried to get decryption keys in alternative ways. While there is no way to get decryption keys without paying a ransom.
We do not recommend paying ransomware, as this stimulates them to new attacks. But if the encrypted files are very dear to you, you can use an alternative contact method with extortionists, which representatives of the support service will tell you about if they read this topic.

Thank you very very much for this in time reply although the result is as our expected. I'm sure the justice will eventually defeat evil and this nusty creeper who made this ransomware will pay for his rabid evildoings eventually. Thank you for the efforts on making the world better~

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.