Adage ransomware – a Phobos malware variant that can encrypt some files stored in the backup
Adage ransomware - a dangerous computer parasite that can bring other malicious infections onto the computer system
Adage ransomware is one of the latest Phobos ransomware variants; it appends the .adage extension to each locked file. The infection starts by modifying the Windows Registry and Task Manager settings. The malware makes sure that it launches on every boot and then encrypts files using a unique cipher. When all files and documents are locked, the Adage virus delivers its ransom message as info.hta and info.txt, placing these notes on the desktop and a copy of each in every folder that contains encrypted data. The criminals demand a Bitcoin payment and ask victims to make contact via the email@example.com email address. They also offer to decrypt five small files for free as evidence that a decryption tool exists.
| Item | Description |
|---|---|
| File extension | Files encrypted with the unique cipher have the .adage extension appended to their filenames |
| Ransom note | The criminals provide all the information about ransom demands, encryption, and decryption in the info.hta and info.txt files, which are placed on the computer's desktop and in each folder that holds encrypted data |
| Price | The messages state no particular ransom amount, only that payment must be made in Bitcoin. The ransom price can vary anywhere from $50 to $2000 |
| Crooks' email | The criminals put the firstname.lastname@example.org email address in the ransom note as a way to make contact and to let victims send them 5 files for free decryption |
| Removal | You should eliminate the ransomware virus as soon as you see it on your Windows computer system. For this purpose, use strong antimalware software, as manual elimination is not a good option in this case |
| Fix | If you have found some compromised system objects, you can try repairing them with software such as ReimageIntego |
| File recovery | We do not recommend paying the demanded ransom price as you can easily get scammed. Instead, go to the end of this article and try the data recovery solutions that are provided there |
A victim has reported that Adage ransomware not only attempted to lock all of his files on the computer system, but also corrupted some data stored in the backup. It seems that this malware strain has a more advanced operating module and can affect data in various locations.
The criminals who spread Adage ransomware do not state a particular ransom amount, only that the price should be paid in Bitcoin cryptocurrency. In reality, the price can vary anywhere from $50 to $2000. The hackers also warn victims against using third-party decryption software, claiming that it might result in permanent loss of the files:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail email@example.com
Write this ID in the title of your message 1E857D00-2321
In case of no answer in 24 hours write us to this e-mail:firstname.lastname@example.org
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We do not recommend paying the criminals or believing Adage ransomware's promises, as there is a big risk of getting scammed by these people. You might be asked to pay an unreasonable amount of money and receive no decryption tool at all.
Furthermore, Adage ransomware might have a much more complex module than it appears to at first glance. The malware might eliminate the Windows hosts file to prevent the victim from accessing security-related websites and forums. Additionally, the virus might be able to delete Shadow Copies of encrypted data by executing specific PowerShell commands.
Adage malware is one of the newest Phobos ransomware versions
Furthermore, Adage ransomware might ensure that it starts automatically on boot by injecting specific entries into the Windows Registry. In addition, the malware can try to avoid antimalware detection and may go undetected by some particular AV engines. However, according to VirusTotal, this ransomware virus has already been spotted by 58 antivirus programs.
Adage ransomware can also be the source of other malicious infections and come to your system together with another type of parasite, for example, a Trojan horse. This way your computer system and its components might experience even more damage. This is how cyber threats work: they make your system vulnerable and allow other infections to manipulate it.
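The checks below are an added example, not part of the original article: a read-only PowerShell triage for the behaviours described above (autorun Registry entries, a removed or altered hosts file, deleted Shadow Copies, and .adage files with info.hta / info.txt notes). The Run/RunOnce key paths and the `$root` sweep folder are assumptions; the article names only "the Windows Registry".

```powershell
# Added example: read-only triage for the indicators described in this article.
# Run from an elevated PowerShell prompt; nothing below changes the system.

# 1. Autorun values (assumed locations: the standard Run/RunOnce keys).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}
'--- Autorun entries (review anything you do not recognise)'
$autoruns | Format-Table -AutoSize -Wrap | Out-String

# 2. hosts file: missing, recently rewritten, or carrying unexpected entries?
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    $active = @(Get-Content $hostsPath | Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' })
    "--- hosts: last written $((Get-Item $hostsPath).LastWriteTime), $($active.Count) active entries"
    $active
} else {
    Write-Warning "hosts file is missing: $hostsPath"
}

# 3. Volume Shadow Copies: none left on a machine that had restore points is a red flag.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
"--- Shadow copies found: $($shadows.Count)"
$shadows | Select-Object VolumeName, InstallDate | Format-Table -AutoSize | Out-String

# 4. Encrypted files and ransom notes, grouped by folder to show how far encryption reached.
$root = Join-Path $env:SystemDrive 'Users'   # assumption: also sweep other volumes and backup shares
$hits = Get-ChildItem -Path $root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.adage' -or $_.Name -in @('info.hta', 'info.txt') }
"--- .adage files / ransom notes: $(@($hits).Count)"
$hits | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name | Format-Table -AutoSize | Out-String
```

A file named info.txt is common on clean systems, so treat it as an indicator only where it sits beside .adage files or an info.hta note.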
The only way to avoid all these dangerous activities is to remove Adage ransomware from your computer permanently. You can complete the elimination with the help of a reliable antimalware program. However, we do not recommend trying to get rid of the malware on your own as this process might be too hard for a user to carry out on his own.
After Adage ransomware removal, you should check the system for possible corruption. The malware and its additional components might have managed to compromise some of your computer's parts or software. If you are looking for a tool that might help you to fix the damage, we recommend downloading and installing ReimageIntego.
When Adage ransomware is gone and the damage is fixed, you can start thinking about possible ways to decrypt your data. Once again, we do not recommend contacting the criminals and paying them as you might get easily scammed. Instead, go to the end of this article and check out the data recovery methods that have been provided by our specialists.
Adage ransomware is a file-encrypting cyber threat that appends the .adage extension to each filename of an encrypted component
Ransomware distribution involves phishing techniques
According to cybersecurity specialists from LosVirus.es, ransomware viruses have multiple distribution sources; however, one of the most popular appears to be email spam. Criminals pretend to be from legitimate and well-known shipping organizations, healthcare firms, banking companies, etc.
They attach the infected payload as an executable, Word document, or another type of file and encourage the victims to open it. Our suggestion is to always check the sender to make sure the message does not come from a rogue address, to look for grammar mistakes in the message text, and to avoid opening attachments without performing a malware scan.
Furthermore, ransomware infections can get distributed via vulnerable RDP configurations, where ports such as TCP port 3389 have insufficient protection or none at all. This way the hackers can remotely connect to the computer and break in. Make sure that you always use complex and strong passwords.
In addition, ransomware viruses are known for their ability to infect the targeted computer system through malvertising, malicious hyperlinks, fake software updates, exploit kits, outdated software, etc. Always be careful while browsing online, do not click on unknown content, get all of your programs from well-known sources, and keep them regularly updated. Besides, make sure that your computer is protected with a reliable antimalware program that is also kept up to date.
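To check how exposed a machine's own RDP service is, the following read-only PowerShell audit (an added example, not part of the original article) reports whether RDP is enabled, which port it listens on, whether Network Level Authentication is required, and which firewall rules allow inbound connections to that port. The hardening checks chosen here (NLA, source-address restrictions, lockout policy) are this example's assumptions about what "required protection" means.

```powershell
# Added example: read-only audit of local RDP exposure. Run from an elevated prompt.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
$port   = $rdpTcp.PortNumber                       # 3389 unless it has been changed

# Enabled inbound allow rules that cover the RDP port, with their permitted sources.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }

$summary = [pscustomobject]@{
    RdpEnabled      = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    Port            = $port
    NlaRequired     = $rdpTcp.UserAuthentication -eq 1   # Network Level Authentication
    OpenToAnySource = [bool]($rules | Where-Object { $_.RemoteAddress -eq 'Any' })
    # S-1-5-32-555 is the built-in Remote Desktop Users group; Administrators can also log on.
    RdpGroupMembers = (Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue).Name -join ', '
}
$summary | Format-List
$rules   | Format-Table -AutoSize

# Lockout threshold and password policy, which limit password guessing over RDP.
net accounts
```

RdpEnabled together with OpenToAnySource, or with NlaRequired set to False, is the combination to fix first: restrict the rule's remote addresses or put RDP behind a VPN or gateway, and set a lockout threshold.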
Adage ransomware removal techniques
Adage ransomware removal relies on an automatic technique. This means downloading reliable antimalware software and eliminating the malware with that tool. This type of software is capable of dealing with the entire process safely and effectively. We do not recommend completing the elimination process by yourself, as it might do more harm than good. Also, you can accidentally miss some malicious content and leave it on the system.
Once you remove Adage ransomware, you should try scanning your computer system and searching for compromised and damaged objects. Tools such as SpyHunter 5Combo Cleaner and Malwarebytes should help you to succeed in this type of process. If these programs announce some corruption discovered, you can continue fixing the damage by trying software such as ReimageIntego.
When Adage ransomware is gone and all of the damage has been fixed, you can try recovering your encrypted files by using some of our below-provided data restoring techniques. Once again, we want to remind all users that there is a high risk of getting scammed if you decide to pay the ransom price to the cybercriminals.
To remove Adage virus, follow these steps:
Manual Adage removal using Safe Mode
Disable all malicious processes on your Windows computer by activating the Safe Mode with Networking feature. To complete this task, use these below-provided guidelines:
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal is best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Remove Adage using System Restore
Stop all malware-laden activities on your machine by opting for System Restore. Use this feature exactly as described in the following instructions:
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and press Enter.
- Now type rstrui.exe and press Enter again.
- When a new window shows up, click Next and select a restore point that is prior to the infiltration of Adage. After doing that, click Next.
- Now click Yes to start system restore.
Bonus: Recover your data
The guide presented above is supposed to help you remove Adage from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
If your files are encrypted by Adage, you can use several methods to restore them:
Data Recovery Pro might help you with file restoring purposes.
This piece of software can help you with data recovery purposes if you use it exactly as explained in the instructions.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by Adage ransomware;
- Restore them.
Try using Windows Previous Versions feature for data recovery.
You can try using this method for restoring some data. However, make sure that you have enabled the System Restore feature in the past.
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
Currently, cybersecurity experts are working on the Adage ransomware decryptor.
Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Adage and other ransomware, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes.