勒索病毒新的变种phobos

勒索病毒新的变种。我的电脑win7 64位，装了360安全卫士，360杀毒，也都及时升级了，但还是中毒了，360安全卫士都被关掉了。

硬盘上所有文件都被加了phobos的后缀，不能使用。在lesuobingdu.360.cn 这个页面上传样本，还发现不了这个病毒

您好，您可以留下QQ，我们核实下，看下具体原因。

赶着用电脑，系统我已经重装了。D盘的文件都被加密了，倒是都在。11847013

怎么样，有进一步的进展吗？

我也遇到了，今天

我也遇到了

应该是你自己关的360吧

去外网搜索了关于phobos的资料，相关内容的网页几乎都是1月初的新网页。百度搜索，国内只有正瑛科技和探数两家在贴吧有发过帖子，我找了探数发了个样本文件给他，但是没有下文了。360到现在还不能检测出来……。

我也中毒了。Q307889237，还装360防勒索，无效

今天凌晨中招，所有文件全部被锁，如图。此类病毒好像是3389暴破失陷后利用powershell执行的，我有科来溯源的镜像报文，但RDP传输的报文貌似是加了密

找到解决办法了吗？服务器中招啦

中毒了   q 379919498

中招了。怎么解决啊。

我的电脑也出现这样的问题了  急求！！

我的QQ是2434616628，昨天下午中毒的，所有文件全是.phobos

又一中招的

q 1173730727   请问360可以解密吗？

Decoding Files 1.5 btc tommorow 1,7 btc - 1 PC =From 3 PC-price negotiable
pay in Bitcoin (BTC)
translation at the expense of Bitcoin
3MZZvY778et8RamVGCqtquqzMTmJFx9dWw
Buy Bitcoin here https://localbitcoins.com or
https://www.buybitcoinworldwide.com/find-exchange/ or
https://www.coinbase.com or
https://www.xmlgold.eu or
any other exchanger
or
write to Google how to buy Bitcoin in your country?
in order to guarantee the availability of our key
we can decrypt one file for free
the size of the files <1 mb, doc.docx.xls.xlsx.pdf.jpg.bmp.txt file format
other formats will not be free decryption
after payment you will receive a program
how many computers do you have encrypted ?
what country are you from ?

each decryption key is worth the money. no money, no transcript

we also offer service to you. full of advice for protecting against
attacks? - the price of 0.2 BTC
and remember our work is very hard. and it requires a lot of time and costs.

If there is no response from our mail, you can install the Jabber client
and write to us in support of phobos_helper@xmpp.jp or
phobos_helper@exploit.im

Jabber client installation instructions:
1) Download the jabber (Pidgin) client from
https://pidgin.im/download/windows/
2) After installation, the Pidgin client will prompt you to create a new
account.
3) Click "Add"
4) In the "Protocol" field, select XMPP
5) In "Username" - come up with any name
6) In the field "domain" - enter any jabber-server, there are a lot of
them, for example - exploit.im
7) Create a password
8) At the bottom, put a tick "Create account"
9) Click锟 nbsp;add
10) If you selected "domain" - exploit.im, then a new window should
appear in which you will need to re-enter your data:
a) User
b) password
c) You will need to follow the link to the captcha (there you will see
the characters that you need to enter in the field below)

If you don锟斤拷t understand our Pidgin client installation instructions, you
can find many installation tutorials on youtube -
https://www.youtube.com/results? ... dgin+jabber+install

do not try to restore the files - yourself third-party software-you can
spoil them.

4个月过去了。没有任何响应。外网也没有找到可以恢复文件的办法。

我多台服务器中了 phobos 的  adage 类型，，开了360 卫士，毫无用处，痛苦中。

近年来,勒索病毒集中爆发对不少行业造成了极大的威胁,甚至已经造成了不小的损失。

是的，勒索病毒泛滥，做好备份工作。

今早中招，求解决方案

!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: tsai.shen@mailfence.com.
If there is no response from our mail, you can install the Jabber client and write to us in support of tsai.shen@xmpp.jp

凌晨中标，请有解决方法吗