Adage ransomware – a Phobos malware variant that can encrypt some files stored in the backup

Adage ransomware is one of the latest Phobos ransomware variants that appends the .adage extension to each locked file. The infection starts by modifying the Windows Registry[1] and Task Manager settings. The malware ensures that it is able to launch within every computer boot process and starts the encryption process by using a unique cipher. When all files and documents are locked, Adage virus provides a ransom-demanding message via info.hta and info.txt formats, places these notes on the desktop and a copy of each to every folder that includes encrypted data. The criminals urge for a Bitcoin payment and making contact via wewillhelpyou@qq.com email address. Additionally, they recommend sending five small files for free decryption if evidence of the existing decryption tool is wanted.
| Name | Adage ransomware |
|---|---|
| Type | Malware |
| Sub-type | Ransomware virus |
| Appendix | When files get encrypted by using a unique encryption cipher, their filenames end up with the .adage appendix added |
| Ransom note | The criminals provide all the information about ransom demands, encryption, and decryption in the info.hta and info.txt files which are placed on the computer's desktop and in each folder that hold encrypted data |
| Price | There are no particular ransom demands provided in the messages, except that the crooks urge for a Bitcoin cryptocurrency transfer. The ransom price can vary anywhere from $50 to $2000 |
| Crooks' email | The criminals include wewillhelpyou@qq.com email address into the ransom note as a way to make contact and allow the victims to send them 5 files for free decryption |
| Removal | You should eliminate the ransomware virus as soon as you see it on your Windows computer system. For this purpose, use strong antimalware software as manual elimination is not a good possibility for this case |
| Fix | If you have found some compromised system objects, you can try repairing them with software such as FortectIntego |
| File recovery | We do not recommend paying the demanded ransom price as you can easily get scammed. Instead, go to the end of this article and try the data recovery solutions that are provided there |
A victim has reported that Adage ransomware has attempted to lock all of his files not only on the computer system but some data components stored in the backup also got corrupted.[2] It seems that this malware string has a more advanced operating module and can affect data from various locations.
The criminals who spread Adage ransomware do not provide any particular ransom demands except that the price should be paid in Bitcoin cryptocurrency. In reality, the price can vary anywhere from $50 to $2000. The hackers also threaten people not to use third-party decryption software as it might result in permanent loss of the files:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail veritablebee@protonmail.ch
Write this ID in the title of your message 1E857D00-2321
In case of no answer in 24 hours write us to this e-mail:viadolorosa@tuta.io
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
hxxps://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
We do not recommend paying the criminals and believing in Adage ransomware promises as there is a big risk of getting scammed by these people. You might be asked to pay an inadequate amount of money and receive no decryption tool at all.
Continuously, Adage ransomware might have a much more complex module than it looks for us from the first view. The malware might eliminate the Windows hosts file to prevent the victim from accessing security-related websites and forums. Additionally, the virus might be able to delete Shadow Copies of encrypted data by executing specific PowerShell commands.

Furthermore, Adage ransomware might want to ensure its automatical boot process by using the Windows Registry and injecting specific entries into this section. In addition, the malware can try to avoid antimalware detection and not be able to detect by some particular AV engines. However, according to VirusTotal, this ransomware virus has already been spotted by 58 antivirus programs.[3]
Adage ransomware can also be the source of other malicious infections and come to your system together with another type of parasite, for example, a Trojan horse. This way your computer system and its components might experience even more damage. However, this is how cyber threats work, they make your system vulnerable and allow other infections to manipulate it.
The only way to avoid all these dangerous activities is to remove Adage ransomware from your computer permanently. You can complete the elimination with the help of a reliable antimalware program. However, we do not recommend trying to get rid of the malware on your own as this process might be too hard for a user to carry out on his own.
After Adage ransomware removal, you should check the system for possible corruption. The malware and its additional components might have managed to compromise some of your computer's parts or software. If you are looking for a tool that might help you to fix the damage, we recommend downloading and installing FortectIntego.
When Adage ransomware is gone and the damage is fixed, you can start thinking about possible ways to decrypt your data. Once again, we do not recommend contacting the criminals and paying them as you might get easily scammed. Instead, go to the end of this article and check out the data recovery methods that have been provided by our specialists.

Ransomware distribution involves phishing techniques
According to cybersecurity specialists from LosVirus.es,[4] ransomware viruses have multiple distribution sources, however, one of the most popular appears to be email spam.[5] Criminals pretend to be from legitimate and well-known shipping organizations, healthcare firms, banking companies, etc.
They attach the infected payload as an executable, word document, or another type of file and encourage the victims to open it. Our suggestion would be to always check the sender so that the message would not be sent from some rogue address, always look grammar mistakes in the message's context and avoid opening attachments without performing a malware scan.
Continuously, ransomware infections can get distributed via vulnerable RDP configuration. Ports such as the TCP port 3389 lack required protection or include none. This way the hackers can remotely connect to the computer and break through. Make sure that you always think about complex and strong passwords.
In addition, ransomware viruses are known for their ability to infect the targeted computer system by malvertising, malicious hyperlinks, fake software updates, exploit kits, outdated software, etc. Always be careful while browsing online, do not step on unknown content, get all of your programs from well-known sources, keep them regularly updated. Besides, make sure that your computer is protected with a reliable antimalware program that also is kept up-to-date.
Adage ransomware removal techniques
Adage ransomware removal is based on automatical technique. This includes downloading reliable antimalware software and eliminating the malware with the tool. This type of software is capable of dealing with the entire process safely and effectively. We do not recommend completing the elimination process by yourself as it might bring more damage than positive effects. Also, you can accidentally miss some malicious content and leave it hanging.
Once you remove Adage ransomware, you should try scanning your computer system and searching for compromised and damaged objects. Tools such as SpyHunterCombo Cleaner and MalwarebytesMalwarebytes should help you to succeed in this type of process. If these programs announce some corruption discovered, you can continue fixing the damage by trying software such as FortectIntego.
When Adage ransomware is gone and all of the damage has been fixed, you can try recovering your encrypted files by using some of our below-provided data restoring techniques. Once again, we want to remind all users that there is a high risk of getting scammed if you decide to pay the ransom price to the cybercriminals.
Was this guide helpful?
Be the first to comment