Phobos Ransomware

Posted by Max Lehmann on November 6, 2017

What is Phobos Ransomware?

If the majority of your files located in %USERPROFILE% and other major directories have received a new extension ID.email.PHOBOS, Phobos Ransomware must have infiltrated your computer successfully and encrypted your files. While some other infections are developed to steal personal information, there is no doubt that cyber criminals develop ransomware infection for money extortion. It will demand a ransom from you too after encrypting your files. Do not transfer money to malicious software developers because your files might stay encrypted even if you make a payment. What we recommend for you is the full Phobos Ransomware removal. You cannot leave any components of this ransomware infection active on your computer because it might lock new files you create if you do not delete it fully from your system. It seems that Phobos Ransomware does not make any major modifications on users’ PCs except for encrypting their files, so we do not think that you will find it very hard to get rid of this threat. Of course, before you start the removal procedure, read what specialists working at anti-spyware-101.com have to say about it.test

What does Phobos Ransomware do?

Phobos Ransomware is a newly-detected ransomware infection, but it does not differ much from older crypto-threats. Researchers have noticed that it also goes to encrypt users’ personal files the first thing after the successful infiltration. As mentioned in the 1st paragraph, it appends ID.email.PHOBOS to all files it encrypts, so it becomes soon clear which files it has encrypted. It is already too late to do something about this, but you can protect your new files by deleting Phobos Ransomware fully from your computer. Of course, the first symptom showing that the ransomware infection has entered your PC successfully is the appearance of a bunch of encrypted files, but it is not the only sign for sure. You should also be able to locate a new file Phobos.hta if this infection has really been installed on your computer. This file is a ransom note, but you will not find the price of the decryption tool indicated there. It only contains an email address belonging to cyber criminals: OttoZimmerman@protonmail.ch. You can write an email to them if you want to, but we are sure you will be asked to transfer a ransom, so we see no point why you should contact them. Do not pay money to malicious software developers even if very important files have been encrypted because you might not get a tool to decrypt them. Cyber criminals only want users’ money, so when they get it, they usually forget their promises. It might be impossible to unlock files without the special decryptor. A free decryptor might be developed in the future, but the only way to get files back for free now is to restore them from a backup. This backup must be located outside the system, e.g., on an external device.

Where does Phobos Ransomware come from?

It is not very easy to talk about the distribution of Phobos Ransomware because it is not actively distributed malware. Despite the fact that it is not prevalent yet, specialists working at anti-spyware-101.com still have an opinion about its distribution. According to them, it should be spread like other ransomware infections. That is, it should travel in spam emails as an attachment. If users open the malicious attachment, the ransomware infection is installed on their PCs immediately and starts encrypting files. It is a popular distribution method to spread ransomware infections, so you should stay away from all spam emails you receive. Keep in mind that they might appear next to your decent emails too, so you should be careful with all emails whose senders you do not know.

How to delete Phobos Ransomware

Phobos Ransomware has not created new registry entries on your system, and it has not made copies of itself on your computer. As a consequence, its removal should not be very complicated. Of course, if you do not know where to start, let our step-by-step instructions help you. The manual method is always more time-consuming if compared to the automatic one, so if you want to erase this malicious application quicker and easier, you should acquire the automated malware remover and scan your system with it. The automated malware remover will not remove the ID.email.PHOBOS extension from your files. Yes, they will stay encrypted even if you delete the ransomware infection fully.

Phobos Ransomware removal guide

  1. Launch Windows Explorer by tapping Win+E simultaneously on your keyboard.
  2. Delete all suspicious files from these directories:
  • %USERPROFILE%\Downloads
  • %USERPROFILE%\Desktop
  • %TEMP%
  1. Remove the ransom note Phobos.hta dropped by Phobos Ransomware.
  2. Empty Recycle bin. 100% FREE spyware scan and
    tested removal of Phobos Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *