【91 data recovery】.[[email protected]].Devos ransomware virus data recovery

Table of contents

Preface: Introduction

1. What is .[[email protected]].Devos ransomware?

2. How does .[[email protected]].Devos ransomware virus spread infection?

3. How to restore files infected with .[[email protected]].Devos suffix ransomware virus?

4. .[[email protected]].Devos ransomware virus data recovery case

5. Suggestions for system security protection measures


Preface: Introduction

        In today's digital age, ransomware has become a popular tool of cyber attackers, and Devos ransomware is one of the common families. Devos ransomware is a type of malware that works by encrypting the files on the infected computer. Below, our 91 Data Recovery Research Institute introduces the Devos ransomware in detail.

        If you are unfortunately infected with this ransomware, you can add our data recovery service number (shujuxf) for free consultation to get help on data recovery.

        This suffix is ​​already the Nth upgraded variant of the old Phobos ransomware family. Let’s take a look at this .Devos suffix ransomware.


1. What is .[[email protected]].Devos ransomware?

        Recently, experts from the 91 Data Recovery Research Institute discovered that the latest variant of the Phobos virus, ransomware with the .[[email protected]].Devos suffix, is actively spreading. This variant behaves much like the Phobos virus but has some new encryption features.

        One of the main features of Devos ransomware is file encryption, and the “.[[email protected]].Devos” ransomware is no exception. It encrypts commonly used files on the user's device, such as photos, documents and videos, so that users can no longer access them normally. In addition, the “.[[email protected]].Devos” ransomware renames the files with a new extension, which disguises them and makes it harder for users to identify and restore their data.

        Once Devos ransomware successfully infects a computer, it immediately starts encrypting the victim's files, including documents, pictures, videos, audio and database files. The software uses strong encryption algorithms such as AES and RSA. When we ran a sample on our test machine, it encrypted the files and appended the “.id[XXXXXXXX-XXXX].[[email protected]].Devos” extension to each file name. For example, a file originally named "1.jpg" appears as "1.jpg.id[XXXXXXXX-XXXX].[[email protected]].Devos", "2.jpg" appears as "2.jpg.id[XXXXXXXX-XXXX].[[email protected]].Devos", and so on.

        In short, the spread of the latest variant of the Phobos virus family, the .[[email protected]].Devos suffix ransomware, poses a serious threat to users. We need to take it seriously and adopt effective measures to protect the security of our computers and personal information.

Ransomware Threat Information

Virus name: Devos ransomware
Threat type: encryption virus, ransomware
Encrypted file extension: .Devos (the file name is also appended with a unique encryption ID number and the cyber criminal's e-mail address)
Ransom note files: info.hta (pop-up window), info.txt
Can a free decryptor decrypt it? No
Detection names: Avast (Win32:Phobos-D [Ransom]), Combo Cleaner (Trojan.Ransom.PHU), ESET-NOD32 (a variant of Win32/Filecoder.Phobos.C), Kaspersky (HEUR:Trojan.Win32.Generic), Microsoft (Ransom:Win32/Phobos.PM)
Symptoms of infection: Unable to open files stored on the computer; all files now carry the encryption extension (for example, my.docx.id[XXXXXXXX-3327].[[email protected]].Devos).
Propagation mode: Remote desktop password brute-forcing, system vulnerabilities, database port attacks, etc.
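The renaming scheme described above (original name, then .id[...], the contact address in brackets, then .Devos) is regular enough to parse. The following Python is an added example, not the author's code or a tool from the page: it parses such file names and summarises a directory listing so that a responder can count affected files, see which IDs and contact addresses appear, and confirm the ransom notes info.txt and info.hta are present. The ID format (8 hex characters, a dash, 4 digits) is inferred from the page's "XXXXXXXX-3327" example and is an assumption, as are the constructed sample file names and the placeholder address.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Naming scheme the page describes: <original name>.id[<ID>].[<contact e-mail>].Devos
# Assumption (not stated on the page): the ID is 8 hex characters, a dash and 4 digits,
# following the page's symptom example "id[XXXXXXXX-3327]". Stray spaces are tolerated.
DEVOS_RE = re.compile(
    r"^(?P<original>.+?)\.id\s*\[(?P<victim_id>[0-9A-Fa-f]{8}-\d{4})\]"
    r"\.\[\s*(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\s*\]\.Devos$",
    re.IGNORECASE,
)
RANSOM_NOTES = {"info.txt", "info.hta"}  # ransom note file names given on the page

class DevosName(NamedTuple):
    original: str   # file name before encryption, e.g. "1.jpg"
    victim_id: str  # ID the malware embeds in every renamed file
    contact: str    # attacker contact address embedded in the name

def parse_devos_name(filename: str) -> Optional[DevosName]:
    """Return the parsed parts if filename follows the Devos scheme, else None."""
    m = DEVOS_RE.match(filename.strip())
    return DevosName(m["original"], m["victim_id"], m["contact"]) if m else None

def triage(filenames):
    """Summarise a file listing from an affected host: number of Devos-renamed files,
    IDs and contacts seen (more than one ID suggests more than one intrusion),
    original file types hit, and whether the ransom notes are present."""
    hits = [p for p in map(parse_devos_name, filenames) if p]
    return {
        "encrypted_files": len(hits),
        "victim_ids": sorted({h.victim_id for h in hits}),
        "contacts": sorted({h.contact for h in hits}),
        "original_extensions": Counter(
            h.original.rsplit(".", 1)[-1].lower() for h in hits if "." in h.original),
        "ransom_notes": sorted(f for f in filenames if f.lower() in RANSOM_NOTES),
    }

# Constructed sample listing (not from a real incident); the address is a placeholder.
SAMPLE = [
    "1.jpg.id[1A2B3C4D-3327].[contact@example.com].Devos",
    "2.jpg.id [1A2B3C4D-3327].[ contact@example.com ].Devos",  # spacing as on the page
    "accounts.mdf.id[1A2B3C4D-3327].[contact@example.com].Devos",
    "info.txt", "info.hta", "readme.docx",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```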

2. How does .[[email protected]].Devos ransomware virus spread infection?

.[[email protected]].Devos ransomware spreads in many ways; the following are some common transmission routes:

        - Attacks against a single target. This method requires the attacker to gain direct access to the target computer and then deliver the Devos ransomware through one of several channels, such as exploiting system vulnerabilities, attacking database ports, e-mail attachments, malicious links, or software downloads.

        - Attacks against large institutions. This type of attack is usually carried out through large-scale phishing campaigns, in which attackers craft fake e-mails, social media accounts or websites to trick users into clicking links or downloading files. Once a user clicks the link or downloads the file, the Devos ransomware is downloaded to the computer and begins encrypting the user's files.

        - System vulnerabilities: Attackers may scan for and exploit disclosed or undisclosed system vulnerabilities. Once inside, they immediately disable the relevant security settings or security software on the machine and encrypt data files in bulk.


3. How to restore files infected with .[[email protected]].Devos suffix ransomware virus?

        Because of the encryption scheme this ransomware uses, the encryption differs on every infected computer or server. The virus characteristics and the encryption of the affected files must be detected and analyzed separately in each case to determine the most suitable recovery plan.

        Considering the time, cost, risk and other factors involved in data recovery, if the data is not important we recommend scanning and disinfecting the entire disk, formatting and reinstalling the system, and then putting proper system security protection in place. If the infected data is valuable and must be recovered, you can add our technical service number (sjhf91) for a free consultation to obtain help with data recovery.


4. .[[email protected]].Devos ransomware virus data recovery case

(1) Encrypted data situation:

A company server had 140,000+ encrypted files across the whole machine. The core data to be restored was the account-set database file of its business software.

(2) Completion of data recovery:

The data has been restored. Except for a few cache files on the C drive, all other files were successfully restored, a recovery rate of 100%.


5. Suggestions for system security protection measures:

Prevention is far more important than rescue, so in order to avoid such incidents, it is strongly recommended that you take the following protective measures on a daily basis:

Mallox ransomware may seem scary, but there are steps we can take to prevent it. Here are some prevention suggestions:

1. Backup important data

Backup is one of the most important measures to prevent ransomware. If your computer is infected, backing up your data can help you avoid permanent data loss. Therefore, it is very necessary to back up important data regularly.

2. Update the operating system and software

Regularly updating your operating system and software is another key measure against ransomware. Because ransomware exploits system and software vulnerabilities to attack computers, keeping your system and software up to date leaves fewer exploitable vulnerabilities and so reduces the risk of infection.

3. Install anti-virus software and firewall

Antivirus software and firewalls are two other important tools against ransomware. Antivirus software can help you detect and remove malware on your computer, and a firewall can help block intrusions. It is recommended to install reliable antivirus software and a firewall, and to update them regularly.

4. Do not easily open unfamiliar email attachments

The main way ransomware spreads is through malicious e-mail attachments. Therefore, do not casually open attachments in unfamiliar e-mails, especially e-mails from unknown senders. If you receive an e-mail from a stranger, check the source of the e-mail and the authenticity of the attachment before deciding whether to open it.

5. Use a Virtual Private Network (VPN)

A virtual private network (VPN) can help you hide your IP address and location information, enhancing your online security. Using a VPN can effectively prevent ransomware from infecting your computer through network attacks.

Contents of the ransom note file info.txt:

!!!All of your files are encrypted!!!

To decrypt them send e-mail to this address: [email protected].

If you have not received a response within 24 hours, write to us at Jabber: [email protected]

The following are common ransomware variants spreading in 2023, showing that ransomware is diversifying and that new variants are developing rapidly.

Suffix 360 ransomware, halo ransomware, mallox ransomware, xollam ransomware, faust ransomware, lockbit ransomware, locked1 ransomware, lockbit3.0 ransomware, eight ransomware, locked ransomware, .[datastore@cyberfear.com].mkp, mkp ransomware, milovski ransomware, milovski-Q ransomware, milovski-V ransomware, makop ransomware, devos ransomware, .[[email protected]].eking ransomware, eking ransomware, Globeimposter-Alpha865qqz ransomware, nread ransomware, .[[email protected]].Elbie ransomware, .Elibe ransomware, .[[email protected]].Devos ransomware, .[myers@cock.li].Devos ransomware, .[[email protected]].Devos ransomware, .[[email protected]].Devos ransomware, etc.


Source: blog.csdn.net/tel17665780226/article/details/129652232