Phreaker ransomware (virus) - Recovery Instructions Included

What is Phreaker ransomware?

Phreaker ransomware uses encryption to lock files on your computer and asks for money

Ransomware infections can be devastating to those who do not have backups

Phreaker ransomware is a malicious program that uses complicated encryption algorithms to lock users' personal files, like photos, videos, and documents. The variant belongs to the Chaos ransomware family. Besides locking people's data, it changes the desktop wallpaper.

When the file-locking virus infiltrates the system, it appends the affected files with an extension that consists of four random characters. The icons are also changed to white pages so thumbnails are unavailable. Encrypted files are impossible to open. Such infections can result in permanent data loss if users do not have backups.

The ransom note

Phreaker ransomware generates a ransom note read_it.txt on the machine, which reads as follows:

Phreaker malware has infected your machine.
Lucky for you this is based out of America and we pride ourseleves on helping you get your files back.

Send a small bitcoin payment off 100$ to
19DpJAWr6NCVT2oAnWieozQPsRK7Bj83r4

Email @protonmail of your payment and public key to recieve your private key and decryptor.

You may notice that the ransom note lacks the attackers' contact information. This indicates that this variant is still in development and has been released for testing purposes. As usual, cybercriminals want to get paid for a decryption key. They ask for $100 to be paid in Bitcoin which is a cryptocurrency.^[1]

Threat actors choose this type of payment because it provides anonymity. However, we strongly advise against paying the ransom because cyber criminals cannot be trusted. Many previous ransomware attack victims say that they never received the promised decryption tools.

Although it is almost impossible to decrypt data without the cybercriminals' help, there are third-party recovery solutions that help in some cases. We have instructions on how to use them in this post. Sometimes, threat actors release decryption keys to the public, so you can also try waiting.

This malware may be in development so it is unlikely victims will receive decryption keys

Distribution methods

Cybercriminals use a variety of tactics to spread ransomware. The most common infection channels are Torrent websites and peer-to-peer file-sharing platforms. Some users look where to install “cracked” software.^[2] However, platforms that distribute them are unregulated. It is impossible to know if the packages you are downloading do not contain any malicious files.

Another method that crooks use is email. They can create convincing letters using social engineering that look like urgent messages from well-known companies. They include infected attachments or malicious links. Once opened, they launch the malicious program. That is why it is best to only open email attachments from senders you know.

One of the most important things but often overlooked is keeping your operating system and software updated. Hackers can use software vulnerabilities^[3] to deliver their malicious programs. Software developers regularly release security patches that should be installed as soon as they come out if you want to ensure your system is protected.

Use professional security tools

The thing that you have to do immediately is to disconnect the affected machine from the local network. Disconnecting the ethernet cable or disabling the Wi-Fi should do the job for home users. If this happened at your workplace, doing that might be complicated, so we have separate instructions for you at the bottom of this post.

If you try to recover your data first, it can result in permanent loss. Malware can also encrypt your files the second time if it is not eliminated first. It will not stop until you remove the malicious files causing it. You should not attempt removing the malicious program yourself unless you have excellent IT skills.

Use anti-malware tools like SpyHunter 5Combo Cleaner or Malwarebytes to scan your system. This security software should find all the related files and entries and remove them automatically for you. In some cases, malware can prevent you from using antivirus software, so you need to access Safe Mode and perform a full system scan from there:

Windows 7 / Vista / XP

1. Click Start > Shutdown > Restart > OK.
2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
3. Select Safe Mode with Networking from the list.

Windows 10 / Windows 8

1. Right-click on the Start button and select Settings.
   
2. Scroll down to pick Update & Security.
3. On the left side of the window, pick Recovery.
4. Now scroll down to find the Advanced Startup section.
5. Click Restart now.
6. Select Troubleshoot.
7. Go to Advanced options.
8. Select Startup Settings.
9. Click Restart.
10. Press 5 or click 5) Enable Safe Mode with Networking.

Fix system errors

Performance, stability, and usability issues, to the point where a complete Windows reinstall is required, are expected after a malware infection. These types of viruses can alter the Windows registry database, damage vital bootup, and other functions, delete or corrupt DLL files, etc. Once a system file is damaged by malware, antivirus software will not able to repair it.

This is why FortectIntego was developed. This powerful software can fix a lot of the damage caused by Phreaker ransomware. Blue Screen errors,^[4] freezes, registry errors, damaged DLLs, etc., can make your computer completely unusable. By using this maintenance tool, you could avoid Windows reinstallation.

• Download the application by clicking on the link above
• Click on the ReimageRepair.exe
  
• If User Account Control (UAC) shows up, select Yes
• Press Install and wait till the program finishes the installation process
• The analysis of your machine will begin immediately
• Once complete, check the results – they will be listed in the Summary
• You can now click on each of the issues and fix them manually
• If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.

File recovery options

Many people think that they can fix their files with anti-malware tools, but that is not what they are designed for. All the security tools can do is detect suspicious processes in your system and eliminate them. The truth is, that the files can be restored only with a decryption key or software that only the cybercriminals have.

If you did not back up your data previously, it might be possible that you will never get them back. You can try using data recovery software, but we have to note that third-party programs cannot always decrypt the files. We suggest at least trying this method. Before proceeding, you have to copy the corrupted files and place them in a USB flash drive or another storage. And remember – only do this if you have already removed the Phreaker ransomware.

Before you begin, several pointers are essential while dealing with this situation:

• Since the encrypted data on your computer might permanently be damaged by security or data recovery software, you should first make backups of it – use a USB flash drive or another storage.
• Only attempt to recover your files using this method after you perform a scan with anti-malware software.

Install data recovery software

1. Download Data Recovery Pro.
2. Double-click the installer to launch it.
3. Follow on-screen instructions to install the software.
4. As soon as you press Finish, you can use the app.
5. Select Everything or pick individual folders where you want the files to be recovered from.
6. Press Next.
7. At the bottom, enable Deep scan and pick which Disks you want to be scanned.
8. Press Scan and wait till it is complete.
9. You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
10. Press Recover to retrieve your files.