eKing Ransomware Recovery

Has eKing ransomware encrypted your data? If so, it may be an emergency, but it’s important to stay calm. Learn more about eKing ransomware, decryption, recovery, removal and statistics. You can also contact our awesome emergency response team of cybersecurity ransomware data recovery experts 24/7 and get a FREE and immediate assessment of the damages.

We handle cases for all sizes of organizations, worldwide. All operations are managed remotely by our team of highly specialized technicians. We can help you in recovering your data through a fast and efficient ransomware removal and remediation process.

How do I know if eKing Ransomware has infected my system?

If you are unable to access your data, receive notice that your files have been encrypted, and see a demand for a ransom to regain access, it may mean your system is infected with eKing ransomware.

eKing Ransomware is a variant of the Phobos Ranswomare family  and has been known to the cybersecurity community since August of 2021. Files encrypted by eKing generally have “eking” as a file extension. It uses both AES encryption standards. There is currently no known free decryptor for eKing.

  • How do you know if eKing Ransomware has encrypted your data?
  • eKing Ransomware creates and leaves a text file named *info.txt* or “info.hta” on your Desktop, or sometimes in each encrypted folder.


  • Your file extensions change to “.eking”, along with a ransom note which instructs you to visit a hidden service where attackers attempt to extort you.


  • You suddenly notice no desktop wallpaper, or your wallpaper has been changed to communicate a threatening message as an extension to the ransom note.


  • Your CPU is pegged at 100% utilization, even when intensive applications do not appear to be in use.
  • Your Desktop PC or laptop is extremely slow and operating at a speed which is much more sluggish than usual.
  • The hard disk appears to be reading and writing at 100% capacity in the background, even though no drive intensive applications are in use.
  • You are unable to use your antivirus software or find it deactivated.

What should I do if and when my data has been encrypted by eKing?

  • Disconnect your system from the network immediately. For more details, please visit our complete guide to Ransomware Response.
  • It is better NOT to talk with the attackers, as they are skilled at taking advantage of inexperienced negotiators.
  • Report the crime to the relevant law enforcement authorities. For a list of relevant offices, see our directory.
  • Ensure that the affected machine is shut down. If left on its own, eKing may continue encrypting your data in the background.
  • Talk to the experts. Get HELP now!

BeforeCrypt is a licensed and registered Cyber Security firm and we’re here to help you with eKing ransomware removal. We have lots of experience in this field, so we know how difficult this situation is. Thanks to our expertise and knowledge, we can recover 100% of your encrypted data in the vast majority of cases.

eKing uses military grade encryption technology to hold your organization hostage. Any attempts at recovering the data with a quick fix are unlikely to work. BeforeCrypt is Europe’s leading ransomware recovery firm, and we can help you get back online as quickly as possible.

Keep calm! Contact us now for a free consultation and learn about your options!


The groups that operate eKing ransomware are known for targeting medium sized organizations. The gang is known to customize ransom demands based on the annual revenue of their victims.

The average eKing ransom amount ranges from $5,000-$30,000. Ransoms are usually paid in Bitcoin. Most quick-buy methods of purchasing Bitcoin via methods like PayPal or credit card will also apply a fee of up to 10%.

The eKing ransomware downtime is a bit longer than other ransomware attacks. The manual process of email-based communication with the attackers can add a considerable delay in the response time.

Depending on your company size and how often you use systems in your day to day business, this is the most expensive part of this incident. Additional to the unavailability of your systems, this is damaging your company reputation.

Your goal should be to get your systems back to a productive state as soon as possible. The best way to do this is to call in experts, which have a vast knowledge of eKing ransomware and get the IT-systems back up running.

In our experience, a successful ransom payment usually results in getting a working eKing decryptor. Decryptor tools do take work to maintain, however, so not all attackers have working tools.

It’s important to know which gang you are dealing with. Some attackers are careful to maintain a good reputation, and always provide working eKing decryptors. Others are known to be scammers, and will never provide a decryptor after receiving payment.

The most common attack vector for eKing ransomware is phishing.

NameeKing / eKing Locker/ eKing Ransomware
Danger leverVery High. Advanced Ransomware which makes system changes and encrypts files
Release date2021
OS AffectedWindows
Appended files extensions.eking
Ransom note"info.txt" or "info.hta"
Contact Email Address[email protected][email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], dr.cryp[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], cod[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], hi[email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], resp0nse1999@tutanota.com, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Known scammersNone


eKing Ransomware Note #1: .txt Notice

This is an average eKing ransomware note.

All your files have been encrypted!
Your PC has been infected by a ransomware. If you want to restore them, contact the following address below.
E – Mail contact – [email protected] / [email protected]
If there is no answer in 24 hours. Try to contact us via Sonar.
– Download TOR browser
– While using your TOR browser copy and paste the URL below:
– Register an account and message us in our ID : decphob
– If the TOR link is not working go to hxxps://onion.live
Write this ID in the title of your message –
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
Where to buy bitcoins?
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

“original filename*.original extension*.eking”

Need fast help with eKing ransomware recovery? Contact us now and get instant help from ransomware experts

Ransomware Recovery Data