Jump to content

Windows Server Image got encrypted.


Recommended Posts

Hi, my ext hdd containing my company's server image got encrypted. I tried contacting the people who encrypted my files and i could not get a response from them. I have attached a copy of the ramsomeware note and a sample file. Would appreciate if anyone could help, I'm willing to give some reward for the effort. Thank you so much.

Read Me Please!.HtA Backup_Error-01-01-2018_13-00-10.log.[[email protected]]

Link to comment
Share on other sites

ID Ransomware says the bitcoin address is the same as the one used by Phobos, however I don't think that's actually what it is.

Since this appears to be a corporate request, I recommend going through our paid ransomware recovery service, especially since I'm not certain exactly what ransomware you're dealing with yet:
https://www.emsisoft.com/en/ransomware-recovery-services/

Link to comment
Share on other sites

Hi thank you for your response, i followed your link and unfortunately it gave me this message 'Based on your provided information we were able to identify your ransomware as “Phobos“.
Unfortunately, this ransomware can’t be decrypted at all. Please reach out to our friends at Coveware to discuss your options.' 

 

Link to comment
Share on other sites

I still don't think it's Phobos, however I will ask for confirmation.

Go ahead and contact Coveware if you haven't already, as they may be able to help if it does turn out to be Phobos.

Link to comment
Share on other sites

It's actually GlobeImposter 2.0 (identification on ID Ransomware has been fixed). Same outcome though, only the criminals have the private key(s) to decrypt your files.

Edited by Demonslay335
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...