Adage ransomware – a Phobos malware variant that can encrypt some files stored in the backup
Adage ransomware – a dangerous computer parasite that can bring other malicious infections onto the computer system
Adage ransomware is one of the latest Phobos ransomware variants and appends the .adage extension to each locked file. The infection starts by modifying the Windows Registry and Task Manager settings. The malware ensures that it launches on every boot and then starts encrypting files with a unique cipher. When all files and documents are locked, the Adage virus delivers its ransom message in two formats, info.hta and info.txt, placing these notes on the desktop and a copy of each in every folder that contains encrypted data. The criminals demand a Bitcoin payment and ask victims to make contact via the [email protected] email address. They also offer to decrypt five small files for free as evidence that a decryption tool exists.
| Appendix | When files are encrypted with a unique encryption cipher, the .adage appendix is added to their filenames |
| Ransom note | The criminals provide all the information about ransom demands, encryption, and decryption in the info.hta and info.txt files, which are placed on the computer's desktop and in each folder that holds encrypted data |
| Price | There are no particular ransom demands in the messages, except that the crooks demand a Bitcoin cryptocurrency transfer. The ransom price can vary anywhere from $50 to $2000 |
| Crooks' email | The criminals include the [email protected] email address in the ransom note as a way to make contact and to allow victims to send them 5 files for free decryption |
| Removal | You should eliminate the ransomware virus as soon as you see it on your Windows computer system. For this purpose, use strong antimalware software, as manual removal is not a good option in this case |
| Fix | If you have found some compromised system objects, you can try repairing them with software such as Reimage Cleaner |
| File recovery | We do not recommend paying the demanded ransom, as you can easily get scammed. Instead, go to the end of this article and try the data recovery solutions provided there |
A victim has reported that Adage ransomware attempted to lock not only all of the files on his computer system; some data stored in the backup also got corrupted. It seems that this malware strain has a more advanced operating module and can affect data in various locations.
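To measure how far the encryption reached, including on a mounted backup volume like the one in the report above, the following added PowerShell example (not part of the original article) inventories files with the .adage extension per folder and records whether info.hta or info.txt sits beside them. The function name Get-AdageScope and the sample paths are assumptions.

```powershell
# Added example: read-only inventory of .adage files and ransom notes per folder.
# Get-AdageScope and the paths in the sample call are hypothetical names.
function Get-AdageScope {
    param(
        [Parameter(Mandatory)]
        [string[]]$Root   # folders or drive roots to inspect, e.g. 'C:\Users', 'E:\Backup'
    )
    $noteNames = 'info.hta', 'info.txt'

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.adage' -or $noteNames -contains $_.Name } |
        Group-Object -Property DirectoryName |
        ForEach-Object {
            $locked = @($_.Group | Where-Object { $_.Extension -eq '.adage' })
            $notes  = @($_.Group | Where-Object { $noteNames -contains $_.Name })
            [pscustomobject]@{
                Folder        = $_.Name
                LockedFiles   = $locked.Count
                LockedBytes   = ($locked | Measure-Object -Property Length -Sum).Sum
                NotesPresent  = ($notes.Name | Sort-Object -Unique) -join ','
                # Earliest write time among locked files in this folder.
                FirstLockedAt = ($locked | Sort-Object LastWriteTime |
                                 Select-Object -First 1).LastWriteTime
            }
        } |
        Where-Object { $_.LockedFiles -gt 0 -or $_.NotesPresent } |
        Sort-Object FirstLockedAt
}

# Sample call: save the inventory to clean external media for later comparison.
# Get-AdageScope -Root 'C:\Users', 'E:\Backup' |
#     Export-Csv -Path 'F:\adage-scope.csv' -NoTypeInformation
```

The earliest FirstLockedAt value approximates when encryption began, which helps in choosing a backup or restore point that predates it.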
The criminals who spread Adage ransomware do not state any particular ransom amount, only that the price should be paid in Bitcoin cryptocurrency. In reality, the price can vary anywhere from $50 to $2000. The hackers also warn people not to use third-party decryption software, claiming that it might result in permanent loss of the files:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
Write this ID in the title of your message 1E857D00-2321
In case of no answer in 24 hours write us to this e-mail:[email protected]
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We do not recommend paying the criminals or believing the promises made in the Adage ransomware note, as there is a big risk of getting scammed by these people. You might be asked to pay an unreasonable amount of money and receive no decryption tool at all.
Furthermore, Adage ransomware might have a much more complex module than it appears to have at first glance. The malware might eliminate the Windows hosts file to prevent the victim from accessing security-related websites and forums. Additionally, the virus might be able to delete Shadow Copies of encrypted data by executing specific PowerShell commands.
Adage malware is one of the newest Phobos ransomware versions
Furthermore, Adage ransomware might ensure that it launches automatically at boot by injecting specific entries into the Windows Registry. In addition, the malware can try to avoid antimalware detection and may go undetected by some particular AV engines. However, according to VirusTotal, this ransomware virus has already been spotted by 58 antivirus programs.
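The three areas named above (registry autostart entries, the hosts file and Shadow Copies) can be reviewed with a read-only check such as the following added PowerShell example, which is not part of the original article. The choice of the Run and RunOnce keys is an assumption, since the article does not name the exact registry locations.

```powershell
# Added example (read-only). Run from an elevated PowerShell prompt.
# Assumption: Run/RunOnce are checked because they are the usual registry
# autostart locations; the article does not say which keys the malware uses.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autostart = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $command
            # Programs launched from user-writable folders deserve a closer look.
            UserWritablePath = $command -match '\\(AppData|Temp|ProgramData|Users\\Public)\\'
        }
    }
}
$autostart | Sort-Object UserWritablePath -Descending | Format-List | Out-Host

# Hosts file: report if it is missing, otherwise show every active (non-comment) line.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    $active = @(Get-Content -LiteralPath $hostsPath |
        Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' })
    Write-Host "Hosts file present, $($active.Count) active entries"
    $active | Out-Host
} else {
    Write-Warning "Hosts file is missing: $hostsPath"
}

# Shadow copies that survived; an empty result means Previous Versions cannot help.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
Write-Host "Shadow copies found: $($shadows.Count)"
$shadows | Select-Object ID, VolumeName, InstallDate | Format-Table -AutoSize | Out-Host
```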
Adage ransomware can also be a source of other malicious infections and may arrive on your system together with another type of parasite, for example, a Trojan horse. This way your computer system and its components might suffer even more damage. This is how cyber threats work: they make your system vulnerable and allow other infections to manipulate it.
The only way to avoid all these dangerous activities is to remove Adage ransomware from your computer permanently. You can complete the elimination with the help of a reliable antimalware program. We do not recommend trying to get rid of the malware manually, as this process might be too hard for a user to carry out on their own.
After Adage ransomware removal, you should check the system for possible corruption. The malware and its additional components might have managed to compromise some of your computer's parts or software. If you are looking for a tool that might help you fix the damage, we recommend downloading and installing Reimage Cleaner.
When Adage ransomware is gone and the damage is fixed, you can start thinking about possible ways to decrypt your data. Once again, we do not recommend contacting the criminals and paying them, as you might easily get scammed. Instead, go to the end of this article and check out the data recovery methods that have been provided by our specialists.
Ransomware distribution involves phishing techniques
According to cybersecurity specialists from LosVirus.es, ransomware viruses have multiple distribution sources; however, one of the most popular appears to be email spam. Criminals pretend to be from legitimate and well-known shipping organizations, healthcare firms, banking companies, etc.
They attach the infected payload as an executable, Word document, or another type of file and encourage the victims to open it. Our suggestion is to always check the sender to make sure the message does not come from a rogue address, always look for grammar mistakes in the message, and avoid opening attachments without performing a malware scan.
Furthermore, ransomware infections can be distributed through vulnerable RDP configurations. Ports such as TCP port 3389 have insufficient protection or none at all. This way the hackers can remotely connect to the computer and break in. Make sure that you always use complex and strong passwords.
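How exposed Remote Desktop is on a given machine can be checked with the following added PowerShell example, which is not part of the original article. It reads the RDP settings from the registry and lists the inbound firewall rules that allow the RDP port; the Network Level Authentication check is an addition that the article does not mention.

```powershell
# Added example (read-only): how exposed is Remote Desktop on this machine?
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

$deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber   # 3389 unless changed

$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port `
                        -ErrorAction SilentlyContinue)

[pscustomobject]@{
    RdpEnabled  = ($deny -eq 0)   # fDenyTSConnections = 0 means connections are accepted
    NlaRequired = ($nla -eq 1)    # Network Level Authentication before a session starts
    Port        = $port
    Listening   = $listening
} | Format-List | Out-Host

# Enabled inbound allow rules that name this TCP port, with the remote addresses
# they accept. RemoteAddress "Any" on the Public profile means every network.
# Port ranges and program-scoped rules with LocalPort "Any" are not expanded here.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow | ForEach-Object {
    $rule = $_
    $pf   = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -eq 'TCP' -and @($pf.LocalPort) -contains "$port") {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $rule.Profile
            RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
} | Format-Table -AutoSize -Wrap | Out-Host
```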
In addition, ransomware viruses are known for their ability to infect the targeted computer system through malvertising, malicious hyperlinks, fake software updates, exploit kits, outdated software, etc. Always be careful while browsing online, do not click on unknown content, get all of your programs from well-known sources, and keep them regularly updated. Besides, make sure that your computer is protected with a reliable antimalware program that is also kept up to date.
Adage ransomware removal techniques
Adage ransomware removal relies on an automatic technique: downloading reliable antimalware software and eliminating the malware with that tool. This type of software is capable of dealing with the entire process safely and effectively. We do not recommend completing the elimination process by yourself, as it might do more harm than good. Also, you can accidentally miss some malicious content and leave it behind.
Once you remove Adage ransomware, you should scan your computer system and search for compromised and damaged objects. Tools such as SpyHunter 5, Combo Cleaner and Malwarebytes should help you with this process. If these programs report any corruption, you can continue fixing the damage with software such as Reimage Cleaner.
When Adage ransomware is gone and all of the damage has been fixed, you can try recovering your encrypted files by using some of the data recovery techniques provided below. Once again, we want to remind all users that there is a high risk of getting scammed if you decide to pay the ransom to the cybercriminals.
Remove Adage using Safe Mode with Networking
Disable all malicious processes on your Windows computer by activating the Safe Mode with Networking feature. To complete this task, use the guidelines provided below:
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
Log in to your infected account and start the browser. Download Reimage Cleaner or another legitimate anti-spyware program. Update it before a full system scan, then remove the malicious files that belong to the ransomware to complete Adage removal.
If your ransomware is blocking Safe Mode with Networking, try the next method.
Remove Adage using System Restore
Stop all malware-laden activities on your machine by opting for System Restore. Use this feature exactly as described in the following instructions:
Bonus: Recover your data
The guide presented above is supposed to help you remove Adage from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
If your files are encrypted by Adage, you can use several methods to restore them:
Data Recovery Pro might help you restore files.
This piece of software can help you with data recovery if you use it exactly as explained in the instructions.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Adage ransomware;
- Restore them.
Try using Windows Previous Versions feature for data recovery.
You can try using this method for restoring some data. However, make sure that you have enabled the System Restore feature in the past.
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.
Currently, cybersecurity experts are working on the Adage ransomware decryptor.
Finally, you should always think about protection against crypto-ransomware. To protect your computer from Adage and other ransomware, use a reputable anti-spyware program, such as Reimage Cleaner, SpyHunter 5, Combo Cleaner or Malwarebytes.
This entry was posted on 2019-12-19 at 09:40 and is filed under Ransomware, Viruses.