Has Phobos Ransomware encrypted your data? If yes, then it is a company-wide encryption. Learn more about the Phobos ransomware, its decryption, recovery, removal and statistics. Or, you can contact our awesome 24/7 cybersecurity ransomware data recovery experts and get a FREE assessment of the damages.
It doesn’t matter what your organization is, or where you are physically located. We handle all operations remotely and help you in recovering your precious data.
When you are unable to access your data, and get notice that your files have been hacked and you have to pay a ransom to decrypt them, it may mean you’re infected with Phobos Ransomware.
First observed back in October 2017, Phobos Ransomware is a strain of new ransomware virus that closely relates itself to the Dharma Ransomware. It uses AES 256-bit encryption standard, making it virtually impossible to recover your files with a free decryptor tool.
BeforeCrypt is a licensed and registered Cyber Security company and we’re here to help you in data recovery process. We understand your pain and frustration Thanks to our experience and knowledge, we can recover 100% of your encrypted data in the vast majority of most cases.
Phobos uses AES-256 military grade encryption technology to hold your corporation hostage. Any attempts towards recovering the data with a quick fix will likely be in vain. Let experts like BeforeCrypt handle the matter for you.
The groups that operate Phobos ransomware have been targeting large organizations. As such the ransom amounts have been very high.
The average Phobos ransom amount is somewhere between $5,000–$25,000. In addition, approximately 10% of Bitcoin exchange fees will apply to the use of quick-buy methods such as PayPal or credit card.
The Phobos ransomware downtime is a bit longer than normal ransomware attacks. The manual process of email-based communication with the attackers can add a considerable delay in the response time.
Depending on your company size and how often you use IT-systems in your daily business, this is the most expensive part of this incident. Additional to the unavailability of your IT-systems, this is damaging your company reputation.
Your goal should be to get your systems back to a productive state as soon as possible. The best way to do this is to call in experts, which have a vast knowledge of Phobos ransomware and get the IT-systems back up running.
There is a high chance to get a working Phobos decryptor after paying the attackers. But there’s never a guarantee to get a working decryption key at all.
Some attackers have a good reputation for providing working Phobos decryptors. Others are known as scammers and will never provide a decryption tool.
Unfortunately, hackers will receive the ransom payment and get away with it, leaving the victim in cold waters.
The most common attack vector for Phobos ransomware is an unsecured RDP-Connection (Remote Desktop Protocol) followed up by phishing emails and security vulnerabilities.
This is an average Phobos ransomware note.
All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message 000QQQ If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected] You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/
UNITED STATES
UNITED KINGDOM
GERMANY
!!! All your data is encrypted !!!
To decrypt them send email to this address: [email protected]
If there is no response from our mail, you can install the Jabber client and write to us in support of [email protected]Almost always, there is a * .txt file in every folder that has been encrypted. The text file usually has the name “info.txt” and contains all the necessary information to contact the Phobos Ransomware attackers to get your data back. It’s usually safe to open this file, just be sure the full file extension is *.txt.
Sometimes the attackers leave the encrypted files without any Phobos ransomware notes. The file name contains a generic and customized ID number and the attackers’ email. This Phobos ID number is always individual, and sometimes there are additional IDs if more than one system got encrypted by Phobos ransomware. The appended file extensions depend on the Phobos ransomware variant.
The most common ones are .acute, .actin, .Acton, .actor, .Acuff, .Acuna, .acute, .adage, .Adair, .Adame, .banhu, .banjo, .Banks, .Banta, .Barak, .Caleb, .Cales, .Caley, .calix, .Calle, .Calum, .Calvo, .deuce, .Dever, .devil, .Devoe, .Devon, .Devos, .dewar, .eight, .eject, .eking, .Elbie, .elbow, .elder, .phobos, .help, .blend, .bqux, .com, .mamba, .KARLOS, .DDoS, .phoenix, .PLUT, .karma, .bbc, .CAPITAL
Yes, we can help you to decrypt Phobos ransomware variants. Depending on the variant and version of Phobos ransomware, it could be possible that there is a Phobos decryptor or a recovery option available. Please fill out the Ransomware Data Recovery form, if you need help from ransomware experts in this emergency situation. You can also use free websites to check for a public available Phobos decryptor method, too. If you want to learn more about Phobos ransomware itself, please visit the Phobos ransomware variant page.
Depending on the Phobos variant, there are different types of decryptors. Phobos ransomware is based on a 2-way decryption process. You will receive a decryptor executable, mostly called “decryptor.exe”, which first is used to scan the entire computer, network drives, external HDDs and other removable devices. After this scan has finished, you get a “Request code”, this contains the public key request, and it is completely individual for each victim.
This “Request code” is sent over to the attackers, who then generate your decryption keys. The keys generated are unique for each person. A decryption key which you get from another victim, who has already received a Phobos decryption key, will not work for you.
Phobos ransomware creates multiple Windows registry entries, creates hidden executable files and sometimes opens a backdoor in firewalls for further access. There are multiple steps necessary, including the cleaning up of the Windows registry, scanning for malware and the manual cleanup of the Phobos ransomware. Depending on the system environment, it is sometimes safer and faster to reinstall the operating system.
The most common attack vector for Phobos ransomware is an unsecured RDP-Connection (Remote Desktop Protocol). It is followed up by phishing emails and security vulnerabilities.
