Jump to content

Ramsomware Phoenix


Juan
 Share

Recommended Posts

Hi team one of my server was infected with ramsomware wallyredd@aol.com extension phoenix. Do you know the best tool or the way to delete and decrypt the files.

IMG-aol.thumb.jpg.f00b7fe43fd56a0d7c635a0d7247407f.jpg

The version is ESET remote administration version 6.5

Thanks.

Link to comment
Share on other sites

Phoenix Ransomware Description

When the Phoenix Ransomware was first mentioned amongst security researchers, the Trojan was still in development. Researchers found the threat while digging in reports submitted to the Google's VirusTotal platform and going on the Dark Web. Samples recovered from reports provided threat investigators with the executable to analyze, and they reveal interesting facts. The Phoenix Ransomware appears to be in development at the time of writing this. However, the Phoenix Ransomware is compact in size and can be deployed with spam emails as a file with a double extension, which may pass as a simple invoice easily.

https://www.enigmasoftware.com/phoenixransomware-removal/

https://www.pcrisk.com/removal-guides/10829-phoenix-ransomware

 

File infected.rar

Link to comment
Share on other sites

If the pcrisk.com article you previously linked is correct and Phoenix ransomware is a Hidden Tear variant, did you try the Avast decrypter mentioned in the article?

Also bleepingcomputer.com has a decrypter for Hidden Tear ransomware variants: https://www.bleepingcomputer.com/download/hidden-tear-decrypter/

Link to comment
Share on other sites

  • Administrators
21 minutes ago, Juan said:

Do you have any answer?

Unfortunately, you attached encrypted files, not the ransomware note that I asked for.

Link to comment
Share on other sites

Based on this: https://twitter.com/demonslay335/status/1114195895837503490 , I would say we are looking at Phobos ransomware. There is no decrypter available for Phobos.

Phobos usually asks for 6000 bitcoin payment in the ransomware note.

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...