Выбрать дату в календареВыбрать дату в календаре

1
зашифровано с расширением *.phoenix; .phobos; Caley, Phobos
[URL=https://www.hybrid-analysis.com/sample/2ad9911e932291547af58d0cb504b4fffd861ba819746908f5adf08fb9484d4d]https://www.hybrid-analysis.com/sample/2ad9911e932291547af58d0cb504b4fffd861ba819746908f5adf08fb9484...[/URL]

готово.
зашифровано с расширением *.phoenix; .phobos; Caley, Phobos
[URL=https://www.virustotal.com/gui/file/a2a4bdcec36d216fd92b9c4d784f0db11929ccd59f93713b0c51d58a8e51cd1b/detection]https://www.virustotal.com/gui/file/a2a4bdcec36d216fd92b9c4d784f0db11929ccd59f93713b0c51d58a8e51cd1b...[/URL]
зашифровано с расширением *.phoenix; .phobos; Caley, Phobos
Изначальная записка выше, далее пришел такой ответ:

Decoding Files 0,7 btc tommorow 0,9 btc - 1 PC =From 3 PC-price negotiable pay in Bitcoin (BTC) translation at the expense of Bitcoin 33PeMvvFuRvy5FUdcB3jwJoWHKfkmf3AqA
Buy Bitcoin here [URL=https://localbitcoins.com]https://localbitcoins.com[/URL] or [URL=https://www.buybitcoinworldwide.com/find-exchange/]https://www.buybitcoinworldwide.com/find-exchange/[/URL] or [URL=https://www.coinbase.com]https://www.coinbase.com[/URL] or [URL=https://www.xmlgold.eu]https://www.xmlgold.eu[/URL] or any other exchanger or write to Google how to buy Bitcoin in your country?
in order to guarantee the availability of our key we can decrypt one file for free the size of the files <1 mb, doc.docx.xls.xlsx.pdf.jpg.bmp.txt file format other formats will not be free decryption after payment you will receive a program how many computers do you have encrypted ?
what country are you from ?

each decryption key is worth the money. no money, no transcript

we also offer service to you. full of advice for protecting against attacks? - the price of 0.1 BTC and remember our work is very hard. and it requires a lot of time and costs.

If there is no response from our mail, you can install the Jabber client and write to us in support of [URL=mailto:phobos_helper@xmpp.jp]phobos_helper@xmpp.jp[/URL] or [URL=mailto:phobos_helper@exploit.im]phobos_helper@exploit.im[/URL]

Приложил 2 закодированных и 2 оригинальных файла.

Файл из карантина  на Virus total отправил.
Что дальше?
зашифровано с расширением *.phoenix; .phobos; Caley, Phobos
Добрый день. Поймали шифровальщика phoenix/phobos. Видимо через rdp.
Есть ли возможность расшифровать?

все файлы имеют вид  -

xxx.yyy.id[много цифр].[[URL=mailto:batecaddric@aol.com]batecaddric@aol.com[/URL]].phoenix

на диске с файл с текстом:

!!! All of your files are encrypted !!!
To decrypt them send e-mail to this address: [URL=mailto:batecaddric@aol.com]batecaddric@aol.com[/URL].
If we don't answer in 24h., send e-mail to this address: [URL=mailto:uttensherman@aol.com]uttensherman@aol.com[/URL]
If there is no response from our mail, you can install the Jabber client and write to us in support of [URL=mailto:phobos_helper@xmpp.jp]phobos_helper@xmpp.jp[/URL]
1