Ransomware DEVOX

Status
Not open for further replies.

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Hello Huarhuachi,

I am Karsten and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.
  • Note: On weekends I might be slow to reply
-------------------------------------------------------------------

key is online id

It sounds like you have already identified the ransomware as STOP/DJVU ransomware, is this correct?
Please share the ransom note or personal ID with me to be sure.

Please let me know what kind of assistance you are seeking.
Do you want to get your files back or clean your computer? The first isn't necessary if you have backups. The latter isn't necessary if you already reinstalled your operating system which is usually the safest option.
 

Huarhuachi

New Member
Thread author
Sep 22, 2020
4
The ransomware that has encrypted all my files uses the extension .DEVOS

I have used Malwarebytes and Emsisoft, and I also used HitmanPro.

To recover the files I have used the STOP/DJVU ransomware decryptor, Stellar, Recuva and ShadowExplorer, and I cannot recover the files. I am on the edge of despair because it is a file server.

Help me!


All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Write this ID in the title of your message –
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
I do not understand Spanish. Only German and English.

It does not look like STOP ransomware. I suspect it is Dharma. I will need an encrypted file for proper identification.

Please upload an encrypted file to, e.g., https://easyupload.io
Drag and drop the file in the website.
Click on Upload.
Wait for the upload to finish.
Copy the download URL and paste it in your next reply.

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Thank you. Yes, it is Phobos which is based on Dharma.
Unfortunately there is no way to decrypt or recover your files without a key. You already tried the most common recovery methods. Since Phobos encrypts the whole file, repair is also not possible.

You mentioned it is a server that was hit. Phobos is commonly distributed via Remote Desktop Protocol (RDP). Please check your RDP settings and make them secure. Use a strong password. Disable access that isn't needed.

This also means that your server was most likely compromised by a hacker who has full access to the system. I highly recommend reformat and reinstall at this point. Criminals often leave several backdoors on systems they compromised which may be very hard to find.

Regarding your files I recommend not to pay, because Phobos threat actors have been known to take the money and leave without giving you the files back.
Make a backup of the encrypted files and wait in case a solution comes up. But I wouldn't count on it.
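As an added example (not part of the thread or anyone's post in it), here is a read-only PowerShell audit of the RDP settings the reply above asks the poster to review. It assumes a stock Windows Server with the standard Terminal Server registry keys and is meant to be run in an elevated PowerShell session; it changes nothing, it only reports.

```powershell
# Added RDP exposure audit (example code, not from the thread). Read-only: reports findings, changes nothing.
# Assumes standard Windows registry paths for Terminal Services; run elevated on the affected server.

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"
$findings = @()

# 1. Is RDP enabled at all? fDenyTSConnections = 1 means Remote Desktop is disabled.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
if ($deny -eq 0) { $findings += 'RDP is enabled; confirm it is really required on a file server.' }

# 2. Network Level Authentication requires valid credentials before a session is created,
#    so password-guessing tools never reach the logon screen.
$nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
if ($nla -ne 1) { $findings += 'NLA is off: enable "Allow connections only from computers running NLA".' }

# 3. SecurityLayer 2 = TLS only; 0 allows the legacy RDP security layer to be negotiated.
$layer = (Get-ItemProperty -Path $tcp -Name SecurityLayer).SecurityLayer
if ($layer -ne 2) { $findings += "SecurityLayer is $layer; 2 (TLS) is recommended." }

# 4. Who may log on via RDP? Every member is an entry point if their password is weak or reused.
$rdpUsers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue
$names = @($rdpUsers | ForEach-Object { $_.Name }) -join ', '
$findings += "Remote Desktop Users members: $names"

# 5. Firewall scope: an enabled Remote Desktop rule that accepts 'Any' remote address
#    exposes RDP to the whole network (or the Internet, if the server is reachable from it).
$openRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
    Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -contains 'Any' }
if ($openRules) { $findings += 'An enabled Remote Desktop firewall rule accepts connections from Any address; restrict it to trusted IPs or a VPN.' }

# 6. Failed logons (Security Event ID 4625) in the last 24 hours: brute-force attempts show up here.
$since  = (Get-Date).AddDays(-1)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
$findings += "Failed logons in the last 24h: $(@($failed).Count)"

$findings | ForEach-Object { Write-Output "- $_" }
```

If the server is being rebuilt anyway, run this on the fresh install before exposing it again, and keep the 4625 count as a baseline for later comparison.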

struppigel

Super Moderator
Verified
Staff Member
Well-known
Apr 9, 2020
667
Are there any remaining questions? Otherwise I will close this thread.
