What is Sphinx Ransomware
Sphinx ransomware is the next creation of attackers working in the field of cryptoviruses and extorting money. Sphinx ransomware penetrates the user’s PC and almost instantly encrypts most personal data and files. For example, Sphinx ransomware encrypts photos, videos, archives, office documents and much more. In other words, the virus affects the most significant category of files, after which users are ready to go to almost anything to get their files back.
Moreover, in addition to encryption itself, Sphinx ransomware changes the file extension to .sphinx. If we talk about the genealogical relationship of this cryptovirus, then at the moment we have no data on this. Cryptovirus encrypts files using the two-stage AES+RSA algorithms. The activity of this cryptovirus was seen in mid-November 2019. In just a couple of days, Sphinx ransomware spread around the world. Also, Sphinx ransomware creates the HOW TO DECRYPT FILES.txt text file, which is a note by scammers about possible decryption methods. Here’s what this file looks like and what it contains:
// You are become victim of Sphinx ransomware!
[*] What Happened?
Your network is compromised and all your machines has been encrypted!
We have exploited your network vulnerabilities and encrypted all of your machines data with,
powerful hybrid cryptosystem, RSA-4096 and AES-256.
There is no way to break the encryption except with your network private key and special decryption software!
The only way to recover your data is buy them through our page on Hidden Network.
[*] How to Access Hidden Network?
1. Download Tor Browser – https://www.torproject.org/download/
2. Start it and wait for the load.
3. Visit link below with Tor Browser:
http://decrypt5bub45vpr.onion/7f6243f6ce9604fb762933bb4e72548e
4. Follow the instructions on our page.
[*] WARNING!
YOUR TIME TO PAY IS LIMITED TO 96 HOUR.
DON’T WASTE YOUR TIME TO SEARCH ON INTERNET, BEFORE OUR SERVICE REMOVE YOUR NETWORK PRIVATE KEY.
***
IF YOU DO NOT THINK ABOUT TO PAYMENT!
WE SELL YOU’R COMPANY’S PRIVATE DATA ON DARK MARKETS!
YOU CAN ASK US FOR PROOF ANY TIME!
***
According to this instruction, the user needs to use the Tor browser, then pay a ransom in bitcoins for providing the decryption key. Moreover, scammers indicate short deadlines, namely 96 hours for payment. Otherwise, this key will be deleted. Thus, the user is forced to pay as quickly as possible. Also, the exact amount is not indicated, however, according to our data, this can reach several thousand dollars. You do not need to pay. No one will ever give you guarantees that your files will be truly decrypted. We recommend you to use our recommendations to remove Sphinx ransomware and decrypt .sphinx files.
Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove Sphinx ransomware manually without a specialist’s help.
Sphinx Removal Guide
Remember that you need to remove Sphinx Ransomware first and foremost to prevent further encryption of your files before the state of your data becomes totally useless. And only after that, you can start recovering your files. Removal must be performed according to the following steps:
- Download Sphinx Removal Tool.
- Remove Sphinx from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- Restore .Sphinx files
- How to protect PC from future infections.
How to remove Sphinx ransomware automatically:
Thor Home may help you to get rid of this virus and clean up your system. In case you need a proper and reliable antivirus, we recommend you to try it.
Alternative solution – Malwarebytes
This program will find malicious files, hijackers, adware, potentially unwanted programs and will neutralize it. Also, Norton will help you clean your system properly.
If you’re Mac user – use this.
Manual Sphinx Removal Guide
Here are step-by-step instructions to remove Sphinx from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to Sphinx. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.
Uninstall Sphinx from Windows or Mac
Here you may find the list of confirmed related to the ransomware files and registry keys. You should delete them in order to remove virus, however it would be easier to do it with our automatic removal tool. The list:
Sphinx.dll
_readme.txt
readme.txt
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Sphinx by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Sphinx by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Sphinx by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to Sphinx by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and Hold Shift button, before system will be loaded;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to Sphinx by using Removal Tool;
- Delete found files;
How to restore encrypted files
You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.
Restore data with Stellar Data Recovery
Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program, that may help you to recover files – Recuva.
- Run the Recuva;
- Follow instructions and wait until scan process ends;
- Find needed files, mark them and Press Recover button;
How to prevent ransomware infection?
It is always rewarding to prevent ransomware infection because of the consequences it may bring. There are a lot of difficulties in resolving issues with encoders viruses, that’s why it is very vital to keep a proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers in order to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.