Nasty Ransomware Infection

sheepondrugs · Sep 25, 2019

Hi guys,

I booted my computer up this morning and I noticed files changed names. (family computer).
I tried to scan with Avast anti-virus but it would not run at all. Running Windows 7 - 64Bit

Files are been named:- Untitled-1.png.id[28D5E55C-2275].[recovermyfiles2019@thesecure.biz].Adame

I'm sure it's Ransomware. But unsure which one. Maybe Phobos?

I have run several anti-virus programs and tools and they have found nothing. It's encrypting everything, even my external hard drive with important legal/medical documents on.

As you can imagine I'm in total panic mode at the moment.

any help would be amazing right now. Thanks in advance. - Chris

TimW · Sep 25, 2019

"Unfortunately, there is no known method that I am aware of to decrypt files encrypted by Phobos Ransomware without paying the ransom and obtaining the private keys from the criminals who created the ransomware unless they are leaked or seized & released by authorities after making an arrest. Without the master private RSA key that can be used to decrypt your files, decryption is impossible. That usually means the key is unique for each victim and generated in a secure way that cannot be brute-forced."

BleepingComputer.com

plodr · Sep 26, 2019

Learn to create images and store them on external portable hard drives. That's the best way to get out of lots of messes.
Also NEVER, EVER, have only 1 copy of any important file stored on the computer.

Imandy Mann · Sep 26, 2019

The images on external portable hard drives should be stored off-line till needed. As proven by your portable drives now being encrypted!

Log in or Sign up

Nasty Ransomware Infection

sheepondrugs Private First Class

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

plodr MajorGeek Super Extraordinaire Moderator Staff Member

Imandy Mann MajorGeekolicious