PhobosImposter Ransomware

What is PhobosImposter Ransomware?

PhobosImposter Ransomware is a threat that appends the .phobos extension to each file it encrypts. The malicious application uses a strong encryption algorithm, which is why affected files become unusable unless the victim has a decryption tool. Sadly, decryption tools usually cannot be downloaded from the Internet, because hackers are often the only ones who have them, and they provide them only to those who pay a ransom. The cybercriminals behind PhobosImposter Ransomware are no exception: the ransom note the malware displays says they want to receive a payment in Bitcoins. Before deciding what to do, we encourage you to find out more about this malicious application by reading the rest of our article. If you decide to erase PhobosImposter Ransomware, we recommend following the removal instructions at the end of the text.

Where does PhobosImposter Ransomware come from?

Torrent websites and other unreliable file-sharing sites are among the places where PhobosImposter Ransomware could be found. On such web pages, the malware could be disguised as an update, a software installer, or a game crack. Thus, if you visit such sites, we recommend being extra careful and scanning all files downloaded from them with a legitimate antimalware tool so that you do not launch malicious data accidentally.

It is also possible that the malware’s creators could send disguised installers of the threat via email. Consequently, it is advisable to be cautious with files or links received in emails from unknown senders, especially if such emails urge you to interact with the attached content. A smart thing to do would be to scan questionable attachments before opening them. Moreover, our specialists at Anti-spyware-101.com recommend securing Remote Desktop Protocol connections, because if they are left unsecured, cybercriminals could exploit this weakness to infect your system.

How does PhobosImposter Ransomware work?

PhobosImposter Ransomware should encrypt all files except executable files or, to be more precise, data with the .exe extension. The malicious application should also append a second extension, .phobos, to every file it encrypts. For instance, a file titled document.pdf would turn into document.pdf.phobos after getting encrypted. As soon as all the data that the malware is supposed to encrypt is locked and carries this additional extension, the threat should announce its presence. It should do so by placing text files called Restore-My-Files.txt in the directories that contain encrypted data.

We call these files ransom notes because they contain a message explaining what the hackers want a user to do to get decryption tools. As usual, the cybercriminals wish to receive a particular amount of Bitcoins, which, in this case, remains a secret. As you see, the hackers want to decide how much you would have to pay for their decryptor after you contact them via email. Of course, we do not recommend it if you do not want to take any chances. The risk is that you may never get what you pay for, as there are no guarantees that the promised decryption tools will be delivered. Hackers can only prove that they have decryptors, but it is impossible to know if they will bother to provide them.
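
The markers described in this section (the appended .phobos extension and the Restore-My-Files.txt notes) are enough to inventory which directories were hit before any cleanup. The script below is an added example, not part of the original article; the function names, the report layout, and the sample folder tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

NOTE_NAME = "restore-my-files.txt"  # ransom note name given in the article
LOCKED_EXT = ".phobos"              # extension appended to encrypted files

def inventory(root):
    """Walk root read-only and group the article's markers by directory."""
    report = defaultdict(lambda: {"note": False, "locked": [], "untouched": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, entry = name.lower(), report[dirpath]
            if lower == NOTE_NAME:
                entry["note"] = True
            elif lower.endswith(LOCKED_EXT):
                # Dropping the appended extension recovers the original name.
                entry["locked"].append(name[: -len(LOCKED_EXT)])
            else:
                entry["untouched"].append(name)
    # Keep only directories that show at least one marker.
    return {d: e for d, e in report.items() if e["note"] or e["locked"]}

def summarize(report):
    """Totals, plus non-.exe files in affected directories left unencrypted."""
    survivors = sorted(
        os.path.join(d, n)
        for d, e in report.items()
        for n in e["untouched"]
        if not n.lower().endswith(".exe")  # .exe files are skipped by design
    )
    return {
        "dirs": len(report),
        "locked": sum(len(e["locked"]) for e in report.values()),
        "notes": sum(1 for e in report.values() if e["note"]),
        "survivors": survivors,  # review these: created later, or missed
    }

def build_sample(root):
    """Constructed sample tree; file contents are placeholders."""
    layout = {
        "Desktop": ["document.pdf.phobos", "Restore-My-Files.txt", "setup.exe"],
        "Downloads": ["photo.jpg.phobos", "Restore-My-Files.txt", "new.docx"],
        "Clean": ["notes.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as fh:
                fh.write("placeholder")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarize(inventory(build_sample(tmp))))
```

The script only reads directory listings, so it can also be pointed at a mounted backup or disk image to compare what was encrypted against what can be restored.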

How to eliminate PhobosImposter Ransomware?

There is no point in letting PhobosImposter Ransomware stay on your system, which is why we recommend cleaning up your computer at once. If you think you can delete the malware manually, we can offer our removal steps available below. They show how to erase files belonging to the malicious application step by step. The other way to eliminate PhobosImposter Ransomware is to install a reliable antimalware tool and perform a full system scan. After the scan, you should be allowed to delete this ransomware along with other possible threats.

Remove PhobosImposter Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Click Windows key+E.
  7. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Locate the malicious application’s launcher (it might be some recently downloaded/received file), right-click it, and select Delete.
  9. Find documents called Restore-My-Files.txt, right-click them, and select Delete.
  10. Exit File Explorer.
  11. Empty your Recycle Bin.
  12. Restart the computer.