Infektion not detected 23.06. 12:42

  • 26 June 2019
  • 1 reply

Hello to all.
On Sunday June 23. our Server was infected by Ransomware. It seems to be a kind of Phobos.
On Monday June 24 I realized that all files of our server were encrypted.
Every File name now includes "wewillhelpyou" and the filetype is *.adage. the main problem is that also the windows-back up function is infected. All shadowcopies were deleted and only one backup file exists also with the type *adage.
I need help. Perhaps someone can tell me if I can decrypt some files, especially the backup file.
Please contact me.


1 reply

Userlevel 7
Badge +11

Please review "How to protect your computer against file-encrypting malware in Kaspersky Small Office Security 6": https://support.kaspersky.com/14801

In terms of recovering/decrypting the files, this type of virus usually encrypts the files with very high bit keys, and in very rare cases a decryptor can be created, usually due to failure or careless programming of the malware. But in the vast majority it is not possible, at least at the moment.

You can check if the ransomware that attacked you currently has the possibility to be decrypted here: https://id-ransomware.malwarehunterteam.com/index.php?lang=en

You can find information that can help you here: https://www.nomoreransom.org/en/index.html

Also try the utilities offered by Kaspersky: http://support.kaspersky.com/viruses/utility

If you are a Kaspersky user with a valid license, open a support ticket in my Kaspersky account, send them a sample of an encrypted file, and if you have the same file unencrypted.