The Top virus belongs to the Phobos ransomware family. Ransomware of such sort encrypts all user’s data on the computer (images, text files, excel tables, audio files, videos, etc) and adds its own extension to every file, creating the info.txt files in each directory which contains the encrypted files.
What is known about the Top virus?
☝️ Top is a Phobos family ransomware-type malicious agent.
The renaming will be done by the following pattern: .[[email protected]].top. As a part of encryption, a file named, for example, “report.docx” will be turned into “report.docx.id[9ECFA84E-3449].[[email protected]].top”.
In every folder that contains the encoded files, a info.txt text document will be created. It is a ransom money note. It contains information on the ways of contacting the racketeers and some other information. The ransom note most probably contains instructions on how to buy the decryption tool from the Top developers. You can obtain this decryptor after contacting [email protected], [email protected] through email. That is it.
Top Summary:
| Name | Top Virus |
| Ransomware family1 | Phobos ransomware |
| Extension | .[[email protected]].top |
| Ransomware note | info.txt |
| Contact | [email protected], [email protected] |
| Detection | Win32/Battdil.I, Trojan.Dropper.CAB, Win32/TrojanDownloader.AutoHK.GS |
| Symptoms | Your files (photos, videos, documents) get a .[[email protected]].top extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Top virus |
The info.txt document accompanying the Top malware provides the following dispiriting information:
All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message - In case of no answer in 24 hours write us to this e-mail:[email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files. Free decryption as guarantee Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click \'Buy bitcoins\', and select the seller by payment method and price. hxxps://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: hxxp://www.coindesk.com/information/how-can-i-buy-bitcoins/ Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
In the screenshot below, you can see what a directory with files encrypted by the Top looks like. Each filename has the “.[[email protected]].top” extension appended to it.
![Top Virus - encrypted .[topcorp@usa.com].top files](https://howtofix.guide/wp-content/uploads/2023/08/Top-files-virus.jpg)
That is how encrypted “.[[email protected]].top” files look.
How did Top ransomware end up on my PC?
There is a huge number of possible ways of ransomware injection.
There are currently three most popular ways for malefactors to have the Top virus working in your digital environment. These are email spam, Trojan introduction and peer networks.
- Another thing the hackers might try is a Trojan virus model. A Trojan is a program that infiltrates into your PC pretending to be something else. For instance, you download an installer for some program you want or an update for some software. However, what is unboxed reveals itself a harmful program that encrypts your data. As the installation wizard can have any name and any icon, you have to make sure that you can trust the source of the things you’re downloading. The optimal way is to trust the software developers’ official websites.
- As for the peer-to-peer networks like torrents or eMule, the danger is that they are even more trust-based than the rest of the Web. You can never guess what you download until you get it. So you’d better be using trustworthy resources. Also, it is reasonable to scan the folder containing the downloaded items with the anti-malware utility as soon as the downloading is complete.
How to remove ransomware?
It is important to note that besides encrypting your files, the Top virus will most likely install Vidar Stealer on your computer to get access to credentials to various accounts (including cryptocurrency wallets). The mentioned spyware can derive your logins and passwords from your browser’s auto-filling cardfile.
How do I avoid ransomware infection?
Top ransomware has no superpower, neither does any similar malware.
You can defend your system from its infiltration taking three easy steps:
- Ignore any emails from unknown mailboxes with strange addresses, or with content that has nothing to do with something you are expecting (can you win in a money prize draw without even taking part in it?). If the email subject is likely something you are waiting for, scrutinize all elements of the dubious letter with caution. A hoax email will surely have mistakes.
- Do not use cracked or untrusted software. Trojans are often spreaded as a part of cracked products, possibly under the guise of “patch” to prevent the license check. But potentially dangerous programs are very hard to distinguish from reliable ones, as trojans may also have the functionality you seek. Try searching for information on this program on the anti-malware forums, but the optimal solution is not to use such programs at all.
Frequently Asked Questions
🤔 Are the “.[[email protected]].top” files accessible?
Unfortunately, no. You need to decipher the “.[[email protected]].top” files first. Then you will be able to open them.
🤔 What should I do to make my files accessible as fast as possible?
If the “.[[email protected]].top” files contain some really important information, then you probably have them backed up. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. There are other ways to beat ransomware, but they take time.
🤔 What to do if the Top virus has blocked my PC and I can’t get the activation key.
🤔 What can I do right now?
Some of the encrypted files can be located elsewhere.
- If you sent or received your important files via email, you could still download them from your online mailbox.
- You may have shared images or videos with your friends or relatives. Simply ask them to give those pictures back to you.
- If you have initially downloaded any of your files from the Web, you can try doing it again.
- Your messengers, social media pages, and cloud storage might have all those files too.
- It might be that you still have the needed files on your old PC, a portable device, mobile, external storage, etc.
USEFUL TIP: You can use file recovery utilities2 to get your lost data back since ransomware arrests the copies of your files, deleting the original ones. In the tutorial below, you can learn how to use PhotoRec for such a recovery, but be advised: you can do it only after you remove the virus with an anti-malware program.
Leave a Comment