เรียน ฝ่ายบริการ
Norton มีตัวแก้ไขไวรัส .Eking ไหมครับ
File.xlsx.id[1E03FEB7-2930].[r4ns0m @ tutanota . com] .eking
All: Wondering if this is a variant of Phobos? On the Malwarebytes site they discuss that here, at length. Over on the McAfee website they offer a free ransomware recovery tool that may be of assistance. The OP, if using the tool will be doing so at their own risk.
Cheers
I believe these guides only show how to remove the original payload package. Once the users files have been encrypted there is virtually no way to decrypted them short of obtaining the key. There are some tools that can be tried but, there's no guarantee they'll work.
A couple of Important Notes:
Unfortunately, it is not currently possible to decrypt the files encrypted by the [Decphob@tuta.io].eking ransomware. It may, though, be possible in the future if the decryption keys are recovered from the cybercriminals’ servers. Therefore, if you do not plan on paying the ransom, it is advised that you make an image of the encrypted drives so that you can possibly decrypt them in the future.
It’s important to understand that by starting the removal process you risk losing your files, as we cannot guarantee that you will be able to recover them. Your files may be permanently compromised when trying to remove this infection or trying to recover the encrypted documents. We cannot be held responsible for losing your files or documents during this removal process.
It’s recommended to create a backup image of the encrypted drives before proceeding with the below malware removal instructions.
Not sure if this would be of any help in the OP's case:
From the folks at BleepingComputer Shade Ransomware shuts down, releases 750K decryption keys
https://unboxhow.com/cybersecurity/remove-eking-ransomware(link is external)
Am I right in pointing out that the second link method does not restore the encrypted files but, perhaps, just restore the Windows installation without them?
Here is a separate article that guides users of various methods to recover their encrypted files. However, the ransomware makes sure the files may not be unlocked by other tools, but you should try them out.
????
FWIW ~ Google Search
According to Google Translate this Thai message reads
Dear service department
Can anyone help with the rest?