SensorsTechForum - How to Technology and PC Security Forum

PC Security and Protection => Malware Removal Questions and Guides => Topic started by: molejas on June 18, 2019, 12:54:57 am

Title: Encrypted files
Post by: molejas on June 18, 2019, 12:54:57 am
Hello,

Our 2 servers, file and Exchange 2016, were infected by ransomware.
I want your help to tell exactly what kind of ransomware that is and if I can revert the encryption of my files.
TEXT:
"All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail luciolussenhoff@aol.com
Write this ID in the title of your message 9EF7A78C-1023
In case of no answer in 24 hours write us to this e-mail:leeming.derick@aol.com
If there is no response from our mail, you can install the Jabber client and write to us in support of waitheisenberg@xmpp.jp
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. "
How can I remove the ransomware and how can I revert the files?

Urgent!!!


Title: Re: Encrypted files
Post by: Execute on June 19, 2019, 10:33:27 am
This looks like the newest 2019 version of PHOBOS ransomware.
For information and removal instructions check the following article:

https://sensorstechforum.com/phobos-ransomware-remove-restore-phobos-files/

As to how you can revert the files, there is no decryption tool, but you can try a Data Recovery tool, although I have not seen it being effective against PHOBOS.

What you can do from now on is to back up your 2 servers to two separate locations, so at least one of the backups survives.


Title: Re: Encrypted files
Post by: flashhmob on July 08, 2019, 12:45:16 pm
Does this work?


Title: Re: Encrypted files
Post by: Execute on July 09, 2019, 03:51:57 pm
What exactly are you referring to?