Frequently Asked Questions
What is the process to recover from a Dharma/PHOBOS Ransomware infection?
Please follow the instructions below very carefully to avoid delays or unnecessary additional cost. If you require technical support, please reach out to us and we can provide the service at an additional cost.
1. KEEP ALL COMMUNICATION THROUGH THIS TICKET BY SIMPLY REPLYING TO THIS EMAIL.
2. Please white-list our domain name from your Junk/Spam folder to ensure flow of communication.
3. It's highly recommended that you take a full backup to an external hard disk and have it removed from the system/network prior to our recovery. This is an additional precautionary measure for you.
4. Please run antivirus and malware software such as Malwarebytes and CCleaner, scan all your PCs and remove all detected files. (Both are FREE - no need to purchase!)
5. Ensure your system is protected internally and externally from ransomware attacks.
NOTE: We provide a complete Ransomware Prevention & Network Security Audit to ensure your system is safe from a re-infection. The cost for this service is $750.00 Australian Dollars per server and $120 per PC. (This should be done in addition to step 4 and prior to decrypting your data)
* If you have more than 10 PCs the cost is $70 per PC
For more information, please visit https://fastdatarecovery.com.au/ransomware-recovery/ransomware-prevention-protection-service/
6. PLEASE FOLLOW THE STEPS BELOW CAREFULLY (EXTREMELY IMPORTANT)
Sub-key Recovery Extraction Procedure / FDR Scan
Please run the remote access on a clean computer.
We will need to run a scan tool to extract the sub-keys embedded in your files.
TIP: Dharma/PHOBOS Ransomware contains 2 decryption keys (the first decryption key we will run on multiple servers at our data centre to have it reverse engineered, and the second key is captured from your encrypted files).
The scan tool can only be run once (if we need to re-run the scan tool for whatever reason, a further charge may apply).
IT'S EXTREMELY IMPORTANT that you check/confirm the following:
i. COPY ALL FILES you wish to have decrypted to a clean PC in order to run the scan tool. (We suggest using www.smartsync.com - you can use a free 30-day trial.)
Note 1: Please do not connect a decrypted hard disk or map a network drive to a new PC as it will often have file permission issues which will result in files not being scanned and subsequently will not decrypt.
Note 2: Ensure the computer we connect to has FULL Admin privileges with full read/write permissions to the copied files.
Note 3: ALL FILES to be decrypted must be copied to the same machine.
ii. Supply Fast Data Recovery with your admin username and password as we often find creating a new username and password
Tip: Please change your password and provide us with a temporary password.
iii. Note: All files must have the same ID. If you have more than 1 ID, please notify us immediately.
ONLY FILES PART OF THE INITIAL SCAN CAN BE DECRYPTED.
ANY FILES YOU WISH TO HAVE DECRYPTED AFTER THIS STEP WILL INCUR A CHARGE
The steps above will ensure a trouble-free recovery. If it's not possible to have all files copied to a different computer due to any limitation, we can run the scan directly on your infected server (one only) where the data resides; however, you will run the risk of some files not decrypting (copying the files to a clean computer is the only guarantee that files will decrypt without any problems).
Kindly update the ticket once done and include your server admin username and password to avoid any unnecessary delays.
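Step iii above requires every copied file to carry the same ID. The following is an added example, not Fast Data Recovery's scan tool and not code from this page, that counts files per ID in the folder of copied files before the scan is requested. The file-name patterns it matches are an assumption about how Dharma and Phobos commonly rename files, and the sample names are constructed.

```python
import re
from collections import Counter
from pathlib import Path

# Assumed naming conventions (not stated on the page):
#   Dharma: report.docx.id-1A2B3C4D.[mail@example.com].ext
#   Phobos: report.docx.id[1A2B3C4D-1234].[mail@example.com].ext
ID_PATTERN = re.compile(
    r"\.id(?:-(?P<dharma>[0-9A-Fa-f]{8})"
    r"|\[(?P<phobos>[0-9A-Fa-f]{8}-\d{4})\])"
    r"\.\[[^\]]+\]\.[^.\\/]+$"
)

def extract_id(filename):
    """Return the ID embedded in an encrypted file name, or None."""
    m = ID_PATTERN.search(filename)
    if not m:
        return None
    return (m.group("dharma") or m.group("phobos")).upper()

def summarise_ids(filenames):
    """Count files per ID; names without an ID marker are listed separately."""
    counts, unmarked = Counter(), []
    for name in filenames:
        file_id = extract_id(name)
        if file_id is None:
            unmarked.append(name)
        else:
            counts[file_id] += 1
    return counts, unmarked

def scan_tree(root):
    """Walk the folder holding the copied files and summarise the IDs found."""
    return summarise_ids(p.name for p in Path(root).rglob("*") if p.is_file())

# Constructed sample names, for illustration only.
SAMPLE = [
    "invoice.xlsx.id-1A2B3C4D.[mail@example.com].ext",
    "photo.jpg.id-1A2B3C4D.[mail@example.com].ext",
    "db.bak.id[9F8E7D6C-1234].[mail@example.com].ext",
    "readme.txt",
]

if __name__ == "__main__":
    counts, unmarked = summarise_ids(SAMPLE)
    for file_id, n in counts.most_common():
        print(f"{file_id}: {n} file(s)")
    print(f"{len(unmarked)} file(s) without an ID marker")
    if len(counts) > 1:
        print("More than one ID found: report this before the scan is run")
```

To check a real folder, call `scan_tree()` with the path that holds the copied files instead of using `SAMPLE`.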