
Hi team, one of my servers was infected with ransomware wallyredd@aol.com, extension phoenix. Do you know the best tool or the way to delete it and decrypt the files?


The version is ESET remote administration version 6.5

Thanks.


Phoenix Ransomware Description

When the Phoenix Ransomware was first mentioned amongst security researchers, the Trojan was still in development. Researchers found the threat while digging in reports submitted to Google's VirusTotal platform and going on the Dark Web. Samples recovered from reports provided threat investigators with the executable to analyze, and they reveal interesting facts. The Phoenix Ransomware appears to be in development at the time of writing this. However, the Phoenix Ransomware is compact in size and can be deployed with spam emails as a file with a double extension, which may easily pass as a simple invoice.

https://www.enigmasoftware.com/phoenixransomware-removal/

https://www.pcrisk.com/removal-guides/10829-phoenix-ransomware

 

File infected.rar


Hi team, 

Do you have any answer?

Thanks.


If the pcrisk.com article you previously linked is correct and Phoenix ransomware is a Hidden Tear variant, did you try the Avast decrypter mentioned in the article?

Also bleepingcomputer.com has a decrypter for Hidden Tear ransomware variants: https://www.bleepingcomputer.com/download/hidden-tear-decrypter/

21 minutes ago, Juan said:

Do you have any answer?

Unfortunately, you attached encrypted files, not the ransomware note that I asked for.


Hi team,
thanks for the help, we managed to get a backup and installed everything new.
