1300 500 400
1-888-278-8482
1-888-278-8482
+44-1273257254
+612 8259 0334

Ask The Expert!

Ransomware recovery services based in Australia and supporting clients around the globe – 24/7 SUPPORT

Customers Reviews
4.6
(88 reviews)
Rusty Brown
Rusty Brown
02:39 20 May 21
Awesome Team! as the name says: "Fast Data Recovery" I Ran into a ransomware issue and they really helped me out.Thanks Everyone!
Paul Devante
Paul Devante
10:04 19 May 21
Very good guys. They managed to recover all of my encrypted data(from one of the newer variants of ransomware), way faster than anticipated and they were very helpful and understanding throughout the process. Would wholeheartedly recommend if anyone has similar problems
Pro kids
Pro kids
15:20 18 May 21
I was infected by ransomware ( Zeppelin ) it was nightmare , finally 99% of my files have been recovered by FDR, and others 1% I just find in my own backups... so we stop recover and get 100% result !!!! ... after all ... I can say FDR = success :)) , jut by my own experience... if you attacked by ransomware, you must contact FDR team only ....strongly recommended !!!!!!!!!! thank you for great job !!!
Inês Silveira
Inês Silveira
14:59 18 May 21
As a Small Accounting Company in Portugal that deals with enormous amounts of files and information of companies and individuals for the last 16 years, seeing every single piece of data encrypted on the Easters' weekend rocked us to our core.In the few moments after understanding the situation and the repercussions to our company and our clients, we were overwhelmed with an unspeakable anguish and sense of dread.We later learnt from a client who went through such event past summer, about this Australian company that was able to fix their problem rather quickly and so, with no options we decided to reach out to Fast Data Recovery (FDR).I will not lie; we are talking about a lot of money; money we did not have, as most small businesses and individuals don’t.So, it was hard for us in such a short amount of time to come up with the amounts necessary to get them started on the process of recovery but since it was a matter of either get it, or close the company and go bankrupt, it kind of ended up being priceless (thankfully we also have some friends who were able to lend a BIG and unforgettable hand). And keep in mind that being a foreign company, from the other side of the world, we were rather scared that it was all a lie, and that we were just sending money somewhere blindly and relying mostly on faith.In a week, give or take, the situation was indeed resolved, and we cannot thank FDR team enough for really coming through and fixing it all for us.The various members of the team who talked to us through the days were very helpful although a bit distant – not to their fault as we (the clients) are slowly collapsing for most of the process and for them is just another day at the office – but never stopped replying and reassuring us of their work every time we asked. As you can imagine we were quite annoying...!In short, it was horrible rollercoaster of emotions and a high price overall (which we hope to never go through ever again) but the FDR team did what they said they would do and for that we are eternally grateful.Thank you!A. Patrício Team
Daniel Mallard
Daniel Mallard
11:26 23 Apr 21
We recently were put in touch with a distraught company who was hit by Ransomware and did not have a comprehensive data backup. We contacted FDR whom we had used before who promptly recovered the data and we restored the company back to a working state. Thanks to everybody at FDR who completed the job in a professional and timely manner. regards Echo Support Team
Alberto Leal
Alberto Leal
16:30 21 Jan 21
We had a ransomware attack on December 15 of last year. I got the recommendation to use Fast Data Recovery from a friend that had the same issue a few years back. Their response is super quick, and the communication with their staff very fluent. At all time they will answer your questions, and we always had information of how the process was going.They worked non-stop to get our files back and got us back running. They saved us from having to rewrite our information and gave us peace of mind. Would definitely recommend.

Frequently Asked Questions

PHOBOS ransomware is an encryption ransomware Trojan that was first observed on October 21, 2017 (a new variant of Dharma ransomware).

It is a malicious program that is classified as ransomware (aka. malware). Cybercriminals encrypt your files, blocking you from accessing them. They then demand you pay a ransom to access a decryption tool to recover your files. Once the ransom is paid, the cybercriminals rarely send the decryption tool. In most cases, the perpetrator’s email will be blocked or further ransomware demands are made.

PHOBOS ransomware creates a text file called “YOUR FILES ARE ENCRYPTED.txt”, “Files Encrypted.txt“info.txt” and displays a ransom note in a pop-up window.

This ransomware also renames all encrypted files by adding the “.PHOBOS” extension (together with the victim’s ID and the email address of the .PHOBOS hacker). For example, if a file is named “1.jpg“, then .PHOBOS will rename it to “1.jpg.id-1E857D00-1234.[hacker@email.com].PHOBOS” and so on.

Each ID will be a unique infection. Please advise us when submitting your quote if you have multiple IDs.

Our team has successfully recovered thousands of .PHOBOS ransomware cases. We guarantee recovery from ALL PHOBOS ransomware variants and we back our claim with a No Data = No Charge policy.

Submit an online case or talk to our ransomware specialist to assist with PHOBOS Ransomware recovery

Get A Quote Now

RANSOMWARE RECOVERY PROCEDURES

Fast Data Recovery is the largest ransomware recovery company based in Sydney, Australia. We support clients nationally and internationally with a 24/7 ransomware recovery team.

Our company has the resources, knowledge, and experience for complete ransomware data recovery, ransomware removal, and further ransomware prevention.

We understand the value of data and work extremely hard to recover your business data as fast as possible.

Most recoveries are completed in 24-48 hours.

Please visit How it works? for more information about the process of analysing your ransomware variant to enable us in providing a quote for the cost of recovery

We have a high rate of recovering data from (but not limited to), Dharma, PHOBOS, Zepplin, Matrix, Globimposter, Stop/DJVU, Revil, Avaddon, Makop, Snatch, Lockbit, Netwalker, QNAP, etc… ransomware attacks and we operate on a no data = no charge policy for peace of mind.

For urgent cases, select the Priority Evaluation option (for 4-24 hours response time).

CONTACT US

Fast Data Recovery supports clients worldwide.

We are available 24/7 for all your enquiries.

You can contact us via email, our online chat, or if you prefer to talk to a ransomware recovery engineer, feel free to call us on one of the numbers below:

1300 500 400 (Australia)
1-888-278-8482 (US/Canada Toll Free)
+44-1273257254 (UK – Brighton Toll Free)
+612 8259 0334 (All other countries)

SUBMIT AN ONLINE CASE OR TALK TO ONE OF OUR RANSOMWARE SPECIALISTS TO ASSIST WITH YOUR RANSOMWARE RECOVERY:

  • 100% Guaranteed Recovery from most types of ransomware
  • Technicians are available 24/7 to start your recovery immediately
  • Priority Data Recovery Service (48 hours recovery time in 90% of cases)
  • Australian based with 24/7 Worldwide support
  • Free Evaluation or 4-24 hours Priority Evaluation for more urgent cases (most evaluation are completed in 4-8 hours)
  • No Obligation Fixed Quotes
  • No Data No Charge
  • All recoveries are done remotely (no need to send us your data!)
  • Ransomware Specialists
  • Advanced Ransomware Prevention and Security Audit to eliminate the risk of ransomware
  • Established company with over 10 years of data recovery experience
  • 1000+s of happy clients
  • All International clients are welcome

COMPANY DETAILS

Fast Data Recovery is a registered company based in Sydney, Australia. It is part of  the PC Link Professionals Pty Ltd group, which specialises in IT Support, Security and Data Recovery (established in 2008). Due to the exponential growth of demand for ransomware recovery, Fast Data Recovery was established by the PC Link Professionals group in December 2018.

Please visit the Australian Business Register for more information about the establishment of our business:

PC Link Professionals Pty Ltd – https://abr.business.gov.au/ABN/View?abn=20132031826

Fast Data Recovery Pty Ltd – https://abr.business.gov.au/ABN/View?abn=78630597778

CUSTOMER TESTIMONIALS and REVIEWS

We pride ourselves on the quality of work we provide. Customer service is our number one priority and we strive to exceed your expectations. Please read for yourself what other customers are saying about our services:

Google Reviews: https://goo.gl/S7KM9Y
Independent Reviews: https://trustspot.io/store/Fast-Data-Recovery
Clients Written Testimonials: https://fastdatarecovery.com.au/clients-written-testimonials/

We do not recommend paying hackers. It’s a small chance of getting your files back.

Hackers in some instances may release personal information about your company to the public if you contact them and do not meet their ransom demands. Its strongly recommended not to communicate with them. (using an alternate email does not keep your identity safe as each infection has a unique code to identify you)

Scenarios from customer’s feedback who paid the ransom without engaging a ransomware recovery company to recover without paying the ransom or at least negotiate in case we are unable to recover in a timely manner.
1. The hackers may ask you for extra money after you make the first payment (The trend)
2. The hacker’s email usually gets closed down by the email provider (Once the email is reported to the domain webmaster their email will be shut down. Usually thousands of victims are infected at the same time so the likely-hood of this happening is very high)
3. They send you a sample file, take your money and simply stop responding
4. They may recover all/some of your files

In the event where we are unable to recover from your type of ransomware or able to recover in a timely manner, we can use our resources and experience to obtain the decryption at still offer a No Data No Charge for peace of mind

For a risk-free recovery, Submit an online case or talk to our ransomware specialist to assist with PHOBOS Ransomware recovery

At Fast Data Recovery, we serve the needs of both individuals and businesses who wish to have their data recovered after a ransomware attack. We are equipped with the reoucres, experience and knowlodge to perform complete ransomware data recovery.

We also provide ransomware removal and ransomware prevention measures to protect you from future attacks.

RANSOMWARE PREVENTION & SECURITY AUDIT?

Fast Data Recovery offers a comprehensive Ransomware Prevention and Protection service against Ransomware attacks.

If the worst happens and you become infected with a RANSOMWARE, we advise that you disconnect the infected system from the network (we do not advice to shut down your system as this may corrupt your data or system files further and prevent a quick repair).

DO NOT TRY TO REMOVE THE RANSOMWARE. By running Antivirus or Malware removal software you may cause further damage and make the encryption irreversible.

Ransomware removal and the recovery of your valuable data should always be left to an experienced ransomware recovery expert.

Fast Data Recovery has the knowledge, resources and expertise to recover your data and completely remove all known forms of ransomware and malware. In most cases, we manage to recover 100% of our customer’s encrypted data.

Our data recovery process is quick, simple and entirely focused on restoring your valuable data and getting your business back on track as quickly as possible.

Fast Data Recovery offers a comprehensive Ransomware Prevention and Security Audit to secure your network from further attacks

  • Find the source of the attack to better protect your network
  • Find & Destroy the ransomware on your server
  • Find and destroy ransomware time-bomb, backdoor, key-logger trojans implemented by the perpetrators
  • Full protection against all current know types of ransomware attacks.
  • Protect your server from other common attacks used by hackers
  • Check Registry for changes made by hackers
  • Deep level scan from common hackers practices.
  • Complete network and security audit to minimise risk – A full list of any recommendation will be sent in a detailed report to further prevent future attacks from other computers/devices on your network
  • Best practices and solutions for protecting businesses from ransomware downtime
  • Check your current backups and advise on best backup practices
  • Check if your antivirus has adequate ransomware protection. Most antivirus’ fall short in protecting against Ransomware.
  • Group Policy and Passwords audit and recommendations
  • General IT recommendations if we feel it will improve your overall system/processes.
  • (Optional but highly recommended) Full scan and prevention on your computers/laptops

It is no longer a matter of if, but rather when your organisation will become the target of a data breach. As the threat landscape continues to expand, more doors have opened for threat actors to explore and attack putting businesses at risk of unauthorised access and loss of critical data.

PHOBOS Ransomware Extensions

PHOBOS Ransomware is almost identical to Dharma Ransomware. Recently we are seeing a lot more PHOBOS infections.

This family of ransomware releases a new variant frequently (weekly), some of the latest PHOBOS Ranswomare includes:

1500dollars – Released 5/7/19
ACTOR – Released 19/7/19
ACTIN RANSOMWARE (Released 24th May 2019)
ADAGE – Released 21/6/19
Adame – Released 19/7/19
FRENDI RANSOMWARE
PHOBOS RANSOMWARE
PHONEIX RANSOMWARE
MAMBA – Released 17/5/19
WALLET – Released 5/7/19
DEWAR – Released Oct 20
EIGHT  – Released Dec 20
Elder – Released November 19, 2020
Devon – Released August 14, 2020
Caleb – Released August 4, 2020
Dever – Released August 31, 2020
Barak – Released Dec 16, 2020
Deuce – Released Aug 4, 2020
Banjo – Released Jan 15, 2021
Deal – Released Aug 5, 2020
Devil – Released Jan 13, 2021
Ideal – Released Sep 17, 2020
Devos – Released Jan 11, 2021
DLL – Released Dec 29, 2020
Caley – Released Sep 10, 2020
Eject – Released Sep 22, 2020
Help – Released Aug 5, 2020 Update 4 Dec, 2018
.com – Released Nov 16, 2020
Calix – Released Nov 13, 2020
Moneta – Released Dec 23, 2020
Eking – Released Jan 22, 2021
Google – Released Aug 19, 2020

 

DEVOS Ransomware

We are 100% successful in helping thousands of customers recover from Devos ransomware variants. All our work is guaranteed or your money back

Devos Ransomware is part of the Phobos Ransomware family and amends an ID to every file. For example File.PDF will be renamed to File.pdf.id[1E857D00-2654].[qq1935@mail.fr].Devos

Devos provides victims with two ransom messages: one in a pop-up window (“info.hta” file) and another in a text file named “info.txt“.

The Devos Ransomware will drop text ransomware demanding note on the victim’s server  named “info.txt” and another pop-up window (“info.hta” file)

The “info.txt” file contains one of the many devos email addresses (qq1935@mail.fr) that should be used to contact the cybercriminals who designed Devos. The “info.hta” window contains a more detailed ransom message, which states that the email must include the appointed ID and can contain up to five attachments (encrypted files) that cybercriminals will decrypt free of charge.

Devos Ransomware was released in January 2021

Its highly recommended not to rename encrypted files or attempting to decrypt them with other software WILL cause permanent data loss. It’s best to disconnect your network cables from all the computers and servers (regardless if they are infected or not as the backers most likely installed a backdoor to access all the computers on your network before they encrypt your data)

Most Antiviruses will not protect from Devos Ransomware or the hackers will terminate the antivirus detection to avoid detection.

Based on VirusTotal, Devos Ransomware is detected as Avast (Win32:Malware-gen), BitDefender (Trojan.Ransom.Phobos.F), ESET-NOD32 (Win32/Filecoder.Phobos.C), Kaspersky (HEUR:Trojan.Win32.Generic)

Don’t Panic! – Most of the files are recovered within 48 hours with a 100% success rate.

 

EIGHT Ransomware 

We are 100% successful in helping thousands of customers recover from EIGHT ransomware variants. All our work is guaranteed or your money back

EIGHT Ransomware is part of the Phobos Ransomware family and amends an ID to every file. For example File.PDF will be renamed to File.pdf.id[1E857D00-2776].[ use_harrd@protonmail.com].EIGHT

EIGHT provides victims with two ransom messages: one in a pop-up window (“info.hta” file) and another in a text file named “info.txt“.

The EIGHT Ransomware will drop text ransomware demanding note on the victims’ server named “info.txt” and another pop-up window (“info.hta” file)

The “info.txt” file contains one of the many EIGHT email addresses (use_harrd@protonmail.com) that should be used to contact the cybercriminals who designed EIGHT. The “info.hta” window contains a more detailed ransom message, which states that the email must include the appointed ID and can contain up to five attachments (encrypted files) that cybercriminals will decrypt free of charge.

EIGHT Ransomware was released in December 2020

It’s highly recommended not to rename encrypted files or attempting to decrypt them with other software WILL cause permanent data loss. It’s best to disconnect your network cables from all the computers and servers (regardless if they are infected or not as the backers most likely installed a backdoor to access all the computers on your network before they encrypt your data)

Most Antiviruses will not protect from EIGHT Ransomware or the hackers will terminate the antivirus detection to avoid detection.

Based on VirusTotal, EIGHT Ransomware is detected as Avast (Win32:Malware-gen), BitDefender (Gen:Variant.Ulise.99735), ESET-NOD32 (A Variant Of Win32/Filecoder.Phobos.C), Kaspersky (HEUR:Trojan.Win32.Generic), Full List Of Detections

Don’t Panic! – 98% of all PHOBOS/EIGHT Ransomware cases are recovered within 48 hours and we offer a No Data No Charge policy

EKING Ransomware 

We are 100% successful in helping thousands of customers recover from EKING Ransomware variant of the Phobos family. All our work is guaranteed or your money back

EKING Ransomware is part of the Phobos Ransomware family and amends an ID to every file. For example File.PDF will be renamed to File.pdf.id[1E857D00-2771].[ decphob@tuta.io].EKING

EKING provides victims with two ransom messages: one in a pop-up window (“info.hta” file) and another in a text file named “info.txt“.

The EKING Ransomware will drop text ransomware demanding note on the victims’ server named “info.txt” and another pop-up window (“info.hta” file)

The “info.txt” file contains one of the many EKING email addresses (decphob@tuta.io) that should be used to contact the cybercriminals who designed EKING. The “info.hta” window contains a more detailed ransom message, which states that the email must include the appointed ID and can contain up to five attachments (encrypted files) that cybercriminals will decrypt free of charge.

EKING Ransomware was released in January 2021

It’s highly recommended not to rename encrypted files or attempting to decrypt them with other software WILL cause permanent data loss. It’s best to disconnect your network cables from all the computers and servers (regardless if they are infected or not as the backers most likely installed a backdoor to access all the computers on your network before they encrypt your data)

Most Antiviruses will not protect from EKING Ransomware or the hackers will terminate the antivirus detection to avoid detection.

Based on VirusTotal, EKING Ransomware is detected as Avast (Win32:PWSX-gen [Trj]), BitDefender (Trojan.GenericKD.33855769), ESET-NOD32 (A Variant Of MSIL/GenKryptik.EKSC), Kaspersky (HEUR:Trojan-PSW.MSIL.Agensla.gen),

Don’t Panic! – 98% of all PHOBOS/EKING Ransomware cases are recovered within 48 hours and we offer a No Data No Charge policy

ELDER Ransomware

We are 100% successful in helping thousands of customers recover from ELDER Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Elder is malicious software belonging to the Phobos ransomware family. It is designed to encrypt data and keep it inaccessible until a ransom is paid (i.e., decryption software/tool is purchased). When Elder encrypts data, it renames files with the victim’s unique ID number, developer’s email address, and the “.elder” extension. For example, “1.jpg” becomes “1.jpg.id[1E857D00-2397].[stocklock@airmail.cc].elder” and so on for all affected files. Once this process is complete, Elder stores two files on the desktop (“info.hta” and “info.txt“), which contain the ransom messages.

The text file (“info.txt“) informs users that their data has been encrypted and, to decrypt it, they must contact the cybercriminals behind Elder. This file contains two email addresses for that purpose. The HTML application (“info.hta“), which opens a pop-up window, holds a detailed ransom message. It states that the email that victims send to the criminals must include their unique ID number (generated for each attack individually) in the title/subject of the message. If there is no response from Elder developers within 24 hours, users are urged to use the alternative email address. The ransom must be paid in the Bitcoin cryptocurrency, and the size of this ransom will depend on how quickly victims make contact. To ‘prove’ their ability to recover data, the cybercriminals offer to decrypt up to five files free of charge. The files will be decrypted, as long as their total size is no greater than 4 MB (non-archived) and they do not contain ‘valuable information’ such as databases, backups, large excel sheets, etc. The message provides instructions about how to obtain Bitcoins and lists actions victims should not take. Users are warned that if they rename files or attempt to decrypt them with third-party software, they risk permanent data damage. Unfortunately, this is accurate: ransomware-type programs use strong encryptions, which can only be decrypted with the software initially used to encrypt it. Despite this, you are advised against communicating with any cyber criminals or meeting their demands. Even after payments are made, users receive none of the promised tools, thereby leaving their data permanently damaged. Removing this malicious program will not restore affected files (they will remain encrypted), but will prevent Elder from further data encryption. The only solution is to restore the compromised data from a backup, provided one was made prior to the infection and stored separately.

Don’t Panic! – 98% of all PHOBOS/ELDER Ransomware cases are recovered within 48 hours and we offer a No Data No Charge policy.

DEVON Ransomware

We are 100% successful in helping thousands of customers recover from DEVON Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Belonging to the Crisis/Dharma malware family, Devon is a ransomware infection. This malicious program encrypts data and demands payment for decryption. When encryption is underway, files are renamed with a unique ID, the developer’s email address and “.Devon” extension. For example, a filename like “1.jpg” might appear as something similar to “1.jpg.id[1E857D00-2609].[decryptfiles@qq.com].Devon“, and so on for all affected files. Once this process is complete, Devon malware stored the “info.hta” and “info.txt” files on the desktop. Both the HTML application and text file contain ransom messages. Updated variants of this ransomware use “.[cyberdyne@foxmail.com].Devon“, “.[decryption_help@protonmail.com].Devon“,  “.[suppdecrypt@cock.li].Devon“, “.[Unlock1@cock.li].Devon“, “.[admindevon@cock.li].devon” and “.[celine_denny@aol.com].Devon” extensions for encrypted files.

The text file (“info.txt”) informs victims that their data has been encrypted and, to recover it, they must establish contact with the cybercriminals behind the infection. This message lists their email address and instructs users that if there is no response from the criminals via email, they can use the Jabber client messaging platform to initiate communication. The ransom demand message within the “info.hta” pop-up window goes into more detail. It states that the victims’ emails must include their unique IDs in the title/subject field. The message also reiterates that the alternative method of communication is through Jabber client. Detailed instructions about how to download/install and create an account on this platform are provided. To recover their files, users are to pay a certain sum for decryption tools/software. The size of the ransom is unspecified but is supposedly dependent on how quickly victims contact the developers of Devon. Payment must be made in the Bitcoin cryptocurrency (there are also links detailing how to and from where to acquire Bitcoins). As ‘proof’ that recovery is possible, up to five files can be sent free of charge for decryption. The total size of these test files cannot exceed 4 MB (non-archived) and they cannot contain valuable information (e.g. databases, backups, large excel sheets, etc.). Users are warned not to rename encrypted files or attempt decryption with third-party software – this can lead to permanent data loss. Without the involvement of the individuals responsible for the infection, decryption is usually impossible unless the ransomware in question is still in development and/or has flaws/bugs. Regardless, you are strongly advised against meeting the demands of cybercriminals. Despite paying, victims often receive none of the promised decryption tools/software. Therefore, their data remains encrypted and useless. To prevent further encryption by Devon, it must be removed from the operating system, however, removal will not restore already affected files. The only viable solution is to recover data from a backup if one was made prior to the infection and was stored in a different location.

ADAGE Ransomware

We are 100% successful in helping thousands of customers recover from ADAGE Ransomware variant of the Phobos family. All our work is guaranteed or your money back

First discovered by malware researcher, Raby, Adage is yet another variant of high-risk ransomware called Phobos. This malware is designed to stealthily infiltrate computers and encrypt most stored files, thereby rendering them unusable. Additionally, Adage renames each file by appending the victim’s unique ID, developer’s email address, and “.adage” extension. For example, “sample.jpg” might be renamed to a filename such as “sample.jpg.id[1E857D00-2250].[wewillhelpyou@qq.com].adage“. Once encryption is complete, Adage generates and automatically runs an HTML application (“info.hta“), and also creates a text file (“info.txt“). Both files are stored on the victim’s desktop.

The new text file contains a short message informing victims of the current situation and encourages them to contact Adage’s developers if they wish to restore their files. The HTML application (which displays a pop-up window) provides much more detail. The pop-up states that, to decrypt data, victims must pay a ransom using the Bitcoin cryptocurrency. The cost is not specified, however, ransoms usually fluctuate between $500 and $1500. Developers also attempt to ‘prove’ that they are capable of restoring data and gain victims’ trust by offering free decryption of five files (up to 10 MB in total, non-archived). These files cannot contain “important information” (such as backups, databases, excel sheets, etc.) and victims must attach them to the initial email. No matter what the cost, do not pay. Research shows that cybercriminals often ignore victims once payments are submitted. They do not help victims to restore their data. Thus, paying delivers no positive result. Ignore all statements encouraging you to contact these people and certainly do not pay any ransoms. Unfortunately, Adage is undecryptable ransomware and there are no tools capable of cracking the encryption and restoring data free of charge. The only solution is to restore everything from a backup.

DEWAR Ransomware

We are 100% successful in helping thousands of customers recover from DEWAR Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Dewar is a malicious program belonging to the Phobos ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are renamed according to the following pattern: original filename, unique ID, developer’s email address and the “.dewar” extension. For example, a file like “1.jpg” would appear as something similar to “1.jpg.id[1E857D00-2718].[kryzikrut@airmail.cc].dewar“.

The text file states that the victims’ data has been encrypted. To get further instructions about how to decrypt it, they must establish contact with the cybercriminals behind the infection via email, Telegram or Jabber instant messaging platforms. The ransom message in the pop-up window (“info.hta”) provides more information. This message repeats the initial statement concerning file encryption and adds that, when initiating contact with the ransomware developers, users must include their IDs (found in the pop-up and filenames of each encrypted file). While the size of the ransom is not specified (this will depend on how quickly contact is established), victims are informed that it must be paid in the Bitcoin cryptocurrency. Links are provided for how and from where to acquire Bitcoins. Users are warned that renaming compromised files or attempting decryption with third-party tools/software can result in permanent data loss. Prior to making payment, victims can test decryption by sending up to five encrypted files. The size of these test files cannot exceed 4 MB in total. Additionally, they must not be archived or contain valuable information (e.g. databases, backups, large excel sheets, etc.). Lengthy instructions are provided on how to install and create an account in Jabber (Pidgin instant messaging client). Should these directions be confusing, the message suggests searching installation tutorials on YouTube. Unfortunately, in most cases of ransomware infections, decryption is impossible without the involvement of the criminals responsible, unless the malware in question is still in development or has bugs/flaws. Whatever the case, you are strongly advised against paying cybercriminals. Despite meeting the ransom demands, victims do not receive the promised decryption tools/software. Therefore, their data remains encrypted and useless, and they also experience a significant financial loss. To prevent Dewar from further encryption, it must be removed from the operating system, however, removal will not restore already affected files. The only viable solution is recovering data from a backup if one was created before the infection and was stored in a different location.

DEVIL Ransomware

We are 100% successful in helping thousands of customers recover from DEVIL Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Devil is a part of Phobos, a family of ransomware-type programs. It renames encrypted files by appending the victim’s ID, developer’s email address and “.devil” extension to filenames. For example, a file such as “1.jpg” is renamed to a filename such as “1.jpg.id[1E857D00-2574].[decrypt4data@protonmail.com].devil“, and so on. Like most programs of this type, Devil provides victims with instructions about how to contact the developers and decrypt files. In this case, it creates the “info.txt” file and displays a pop-up window (info.hta).

The pop-up window states that Devil encrypts all files and that they cannot be decrypted without a decryption tool and/or key, which can be purchased from the developers. Instructions about how to purchase the tool/key can be obtained by sending an email to decrypt4data@protonmail.com. It is stated that the cost of decryption depends on how quickly victims contact cybercriminals. Devil’s developers promise to send a decryption tool after payment. They also offer free decryption of five files, which can be sent to them via the email address provided. The files cannot exceed 4 MB or contain valuable information. It is also stated that renaming or trying to decrypt files with other software might cause permanent data loss and/or increase the cost of decryption. Unfortunately, there are currently no other free tools able to decrypt files compromised by Devil. Despite this, do not trust these or other cybercriminals (ransomware developers). They send no decryption tools/keys even if victims meet all demands and pay the ransoms. The only way to recover files without having to pay a ransom (and risking being scammed) is to restore them from a backup. Files remain encrypted even if ransomware is uninstalled/removed from the operating system – removal simply prevents further data loss (encryption).

BARAK Ransomware

We are 100% successful in helping thousands of customers recover from BARAK Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Barak is a malicious program belonging to the Phobos ransomware family. It operates by encrypting data and demanding payment for decryption tools/software. During the encryption process, files are renamed with the following pattern: original filename, unique ID, cyber criminals’ email address and the “.Barak” extension. For example, a file such as “1.jpg” would appear as “1.jpg.id[1E857D00-2378].[smithhelp@mail.ee].Barak“, and so on for all of the affected files. After this process is finished, ransom messages (“info.hta” and “info.txt“) are created on the desktop. Updated variants of this ransomware use the “.[propixt@cock.li].Barak” and “.[torhelp@mail.ee].Barak” extensions for encrypted files.

The text file (“info.txt“) states that all of the victims’ data has been encrypted. To decrypt their files, users are to establish contact with the cybercriminals behind Barak ransomware via email. The ransom message in the pop-up window (“info.hta“) adds that the victims’ emails must include the ID assigned to them in the message subject field. According to the message, the only way to recover the encrypted data is to purchase decryption tools/software from the criminals. The cost of these tools will depend on how quickly communication is initiated. While the size of the ransom is not specified, it is stated that it must be paid in the Bitcoin cryptocurrency. Prior to payment, users can send up to five encrypted files to test decryption. The total size of these files cannot exceed 4 MB (non-archived) and they must not contain valuable information (e.g. databases, backups, large excel sheets, etc.). This message ends with warnings, alerting users that renaming the encrypted files or attempting to decrypt them with third party software can result in permanent data loss. In most cases of ransomware infections, decryption is impossible without the involvement of the cybercriminals responsible, unless the malware in question is in development and/or has significant bugs/flaws. Regardless, you are strongly advised against meeting the ransom demands. Despite paying, victims do not receive the promised decryption tools/software. Therefore, their data remains encrypted and they also experience a financial loss. Removing the Barak malicious program will prevent it from further encryption, however, it will not restore already compromised files. The only solution is to recover data from a backup if one was made before the infection and was stored in a different location.

BANJO Ransomware

We are 100% successful in helping thousands of customers recover from BANJO Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Banjo is one of the malicious programs that belong to the ransomware family called Phobos. Like most programs of this type, Banjo is designed to encrypt files, modify their filenames and provide instructions on how to contact its developers. It renames files by adding victim’s ID, the mutud@airmail.cc email address and appending the “.banjo” extension. For example, it renames a file named “1.jpg” to “1.jpg.id[C279F237-3069].[mutud@airmail.cc].banjo“, “2.jpg” to “2.jpg.id[C279F237-3069].[mutud@airmail.cc].banjo“, and so on. Banjo provides instructions on how to contact its developers in a pop-up window and “info.txt” text file.

As written in Banjo’s ransom notes (“info.hta” and “info.txt” files), victims can receive instructions on how to buy a decryption tool by writing an email to mutud@airmail.cc or krasume@tutanota.com, or contacting the user named @krasume on Telegram. It is stated that the price of a decryption tool depends on how fast victims will contact Banjo’s developers. Additionally, before making a payment victims are offered to send up to 5 files (that do not contain any valuable information) for free decryption. As a rule, cybercriminals behind ransomware attack are the only ones who can provide the right decryption tools. Unfortunately, there are no third-party tools that can decrypt files that are encrypted by Banjo as well. Therefore, in this case, the only way to recover files for free is to restore them from a backup. It is strongly recommended not to pay Banjo’s developers for decryption too, it is very likely that they will not send even after payment. It is worthwhile to mention that if the installed ransomware-type program has not encrypted all files, then unencrypted files can be prevented from being encrypted by uninstalling that malicious program from the operating system. However, files that are already encrypted remain inaccessible even after its uninstallation.

DEVER Ransomware

We are 100% successful in helping thousands of customers recover from DEVER Ransomware variant of the Phobos family. All our work is guaranteed or your money back

Belonging to the Phobos malware family, Dever is a ransomware-type malicious program. Infected devices have their data encrypted and a ransom is demanded from the victims for decryption software/tools. When Dever encrypts files, it renames them according to the following pattern: unique ID, developer’s email address (there are several addresses used the cybercriminals behind this infection, and thus there is more than one variant in the altered filenames), and appends them with the “.Dever” extension. For example, a file like “1.jpg” might appear as something similar to “1.jpg.id[1E857D00-2544].[lizethroyal@aol.com].Dever” following encryption. Once this process is complete, a text file (“info.txt“) and an HTML application (“info.hta“) are created on the desktop.

The text file informs victims that their data has been encrypted and, if they wish to restore it, they must contact the developers of Dever ransomware through the email addresses provided. The HTML application pop-up window contains a more detailed ransom message. It clarifies that the email’s subject/title must include the user’s ID (generated individually for each victim and located both in the message and filenames of affected files). If the cybercriminals do not respond within 24 hours, victims are urged to use the alternative email address. The cost of decryption tools/software will depend on how quickly users establish contact. The ransom must be paid in the Bitcoin cryptocurrency (the message also lists web links detailing how to and from where to obtain Bitcoins). As a ‘guarantee’ that recovery is possible, the criminals offer to decrypt up to five files free of charge. The total size of these files cannot exceed 4 MB (non-archived) and they cannot contain valuable information, such as databases, backups, large excel sheets or similar. Users are warned that renaming compromised files and/or attempting to decrypt them with third-party programs can lead to permanent data loss. In most cases of ransomware infections, manual decryption (i.e. without the involvement of the individuals responsible) is impossible, unless the malicious software in question has bugs/flaws or is still in development. Regardless, you are strongly advised against communicating with and/or meeting the demands of cybercriminals – they cannot be trusted. Despite paying, victims often do not receive the promised decryption software/tools. Therefore, their data remains encrypted and useless. To prevent Dever from further encryption it must be eliminated from the system. Unfortunately, removal will not restore already encrypted data. Files can be recovered from a backup if one was made prior to the infection and was stored in a different location.

DLL Ransomware

We are 100% successful in helping thousands of customers recover from DLL Ransomware variant of the Phobos family. All our work is guaranteed or your money back

DLL is the name of a malicious program, belonging to the Phobos ransomware family. This malware’s discovery is credited to Luigi Martire. This ransomware operates by encrypting data and demanding payment for the decryption tools. During the encryption process, files are renamed according to this pattern: original filename, a unique ID assigned to the victim, cyber criminals’ email address and the “.DLL” extension (not the be confused with the extension of Dynamic Link Library files). For example, a file originally named “1.jpg” would appear as something similar to “1.jpg.id[C279F237-2989].[technopc@tuta.io].DLL” – following encryption. After this process is complete, ransom notes are created in a pop-up window (“info.hta“) and “info.txt” text file.

The message in “info.txt” informs victims that their data has been encrypted. To recover their files, users are told to write to the provided email address. Should no response arrive within 24 hours, they are to write to the secondary mail address. The “info.hta” (pop-up) provides slightly more information concerning the ransomware infection. It states that victims’ emails must contain the ID assigned to them. This ransom note also clarifies that users will have to pay for the decryption. The size of the ransom will depend on how quickly victims establish contact with the cybercriminals. Furthermore, the payment will have to be made in Bitcoin cryptocurrency (the message also contains links to websites detailing how to and from where to purchase Bitcoins). Prior to paying the ransom, users can test decryption by sending up to five encrypted files to the criminals. Provided if the total file size does not exceed 4 MB (non-archived) and they do not contain valuable information (e.g. databases, backups, large excel sheets, etc.) – the files will be decrypted and sent back. The message in the pop-up window is concluded with warnings. Users are alerted that renaming the encrypted files and/or attempting to decrypt them with third-party tools/software – may result in permanent data loss (i.e. render the files undecryptable). In many cases of ransomware infections, decryption is impossible – without the interference of the individuals responsible for the attack. Recovery might be possible if the malicious program has significant bugs (flaws) and/or is still in development. Regardless of the circumstances, it is expressly advised against communicating with and/or meeting the demand of cybercriminals. Since often, despite paying – victims do not receive the promised decryption tools/software. Hence, they experience financial loss and their data remains inaccessible and worthless. To prevent DLL (Phobos) ransomware from further encryptions, it must be removed from the operating system. Unfortunately, removal will not restore already affected files. The only solution is recovering them from a backup if one was created before the infection and was stored in a different location.

 

Fast Data Recovery guarantee full recovery from all types of PHOBOS and our work is guaranteed.

Hackers Emails we can recover from

List of Hackers Emails We Can Recover From but not only limited to the list below, so please reach out to us 24/7 by phone, email or webchat and we will be able to assist you

PHOBOS – DEVOS Ransomware Hackers List

qq1935@mail.fr
time2relax@firemail.cc
backupfiles01@protonmail.com
dessert_guimauve@aol.com
qq1935@mail.fr
time2relax@firemail.cc
ifirsthelperforunlockyourfiles@privatemail.com
backupfiles01@protonmail.com
william_jefferson1@protonmail.com
yourbackup@email.tg
helpbackup@email.tg
Decryption24h@pm.me
dessert_guimauve@aol.com
HelpforFiles@tutanota.com
squadhack@email.tg
decryptfiles@countermail.com
kabennalzly@aol.com
decryptioner@airmail.cc
savemyfiles@protonmail.com
hjelp.main@protonmail.com
2183313275@qq.com
ambulance@keemail.me
saveyourfiles@qq.com
flopored@protonmail.com
villiamsscorj_rembly@protonmail.com
howtodecrypt@elude.in
support_2020_locker@protonmail.com
lucky_top@protonmail.com
filemaster777@protonmail.com
file-cloud@email.tg
support.devos777@snugmail.net
filemaster777@tutanota.com
support_devos@protonmail.com
devos_devos@tutanota.com
@devos_support (Telegram)
cris_nickson@xmpp.jp (Jabber)
devos@countermail.com
geerban@email.tg
devosapp@aaathats3as.com
dawhack@email.tg
star-new@email.tg
hunterducker@cumallover.me
hunterducker@tutanota.com
devos@eml.cc
* List is currently being updated

PHOBOS – EIGHT Ransomware Hackers List

use_harrd@protonmail.com
useHHard@cock.li
nopain555@protonmail.com
se_harrd@protonmail.com
useHHard@cock.li
use_harrd@protonmail.com
useHHard@cock.li
nopain555@protonmail.com
foxbox@airmail.cc
vivanger123@tutanota.com
ICQ@VIRTUALHORSE
2020×0@protonmail.com
bondy.weinholt@aol.com
fidelako@int.pl
shelfit@airmail.cc
bertylarwayorstoner@jabb.im
ICQ@HONESTHORSE
robertwels@airmail.cc
sorysorysory@cock.li
helprecoveryfiles@cock.li
ezequielanthon@aol.com
xsupportx@countermail.com
messi_tr_2020@protonmail.com
mccreight.ellery@tutanota.com
verious1@cock.li
willi.stroud@aol.com
foxbox@xmpp.cz
hershel_houghton@aol.com
jewkeswilmer@aol.com
patiscaje@airmail.cc
decryptfilesonlinebuy@pm.me
ICQ@Horseleader
Bk_Data@protonmail.com
Petya20@tuta.io
SupportC4@elude.in
decrypt2021@elude.in
wang_team888@aol.com
barnabas_simpson@aol.com
emerson.parkerdd@aol.com
brandon_draven@protonmail.com
erich_northman@protonmail.com
lyontrevor@aol.com
mccandlessronald@aol.com
AaronKennedy74@cock.li
bhattarwarmajuthani@420blaze.it
brokenbrow.teodorico@aol.com
cornellmclearey@aol.com
ximenezpickup@aol.com
verilerimialmakistiyorum@mail.ru
sookie.stackhouse@gmx.com
dupuisangus@aol.com
s.boultons@aol.com
blair_lockyer@aol.com
murryu@aol.com
chocolate_muffin@tutanota.com
frankfbagnale@gmail.com
frankfbagnale@cock.li
victorlustig@gmx.com
elfbash@protonmil.com
alexei.v@aol.com
eppinger.adams@aol.com
martinwilhelm1978@cock.li
fredmoneco@tutanota.com
andreashart1834@cock.li
fredmoneco@tutanota.com
recoveryufiles@tutamail.com
cheston_windham@aol.com
augusto.ruby@aol.com
coxbarthel@aol.com
tsai.shen@mailfence.com
frankmoffit@aol.com
benwell_jonathan@aol.com
onlybtcp@tutanota.com
herbivorous@keemail.me
bernard.bunyan@aol.com
tsai.shen@xmpp.jp (Jabber)
vickre me (Wickr)
@phobos_support (Telegram)
* List is currently being updated

PHOBOS – EKING Ransomware Hackers List

decphob@tuta.io
decphob@protonmail.com
holylolly@airmail.cc
digistart@protonmail.com
greed_001@aol.com
helpmedecoding@airmail.cc
Black_Wayne@protonmail.com
Decryptdatafiles@protonmail.com
supp0rt@cock.li
quickrecovery05@firemail.cc
tsec3x777@protonmail.com
DECRYPTUNKNOWN@Protonmail.com
gluttony_001@aol.com
recoryfile@tutanota.com
ICQ@fartwetsquirrel
jerjis@tuta.io
holylolly@airmail.cc
pride_001@aol.com
kabura@firemail.cc
r4ns0m@tutanota.com
contactjoke@cock.li
moon4x4@tutanota.com
hublle@protonmail.com
clearcom@protonmail.com
chinadecrypt@fasthelpassia.com
paymantsystem@cock.li
Hubble77@tutanota.com
savemyself1@tutanota.com
qirapoo@firemail.cc
yoursjollyroger@cock
raboly@firemail.cc
eight20@protonmail.com
divevecufa@firemail.cc
cyvedira@firemail.cc
filedec@tutanota.com
crioso@protonmail.com
eleezcry@tutanota.com
HELPUNKNOWN@Tutanota.com
decrypt20@vpn.tg
kubura@firemail.cc
rodrigos@keemail.me
chadmad@ctemplar.com
chadmad@nuke.africa
dataencrypted@tutanota.com
itambuler@protonmail.com
itambuler@tutanota.com
dcrptfile@protonmail.com
filesdecrypt@aol.com
davidshelper@protonmail.com
reynoldmuren@tutanota.com
dacowe@firemail.cc
dozusopo@tutanota.com
subik099@tutanota.com
subik099@cock.li
trizvani@aol.com
trizvani@tutanota.com
datashop@list.ru
wugenaxu@firemail.cc
databack@airmail.cc
databack@firemail.cc
moonlight101@tutanota.com
moonlight10@mail.ee
fata52@cock.li
fata54@cock.li
phobos2020@cock.li
phobos2020@tutanota.com
xiaolinghelper@firemail.cc
redsnow911@protonmail.com
surpaking@tutanota.com
surpakings@mail.ee
btcunlock@airmail.cc
btcunlock@firemail.cc
anticrypt2020@aol.com
wiruxa@airmail.cc
yongloun@tutanota.com
anygrishevich@yandex.ru
alonesalem@keemail.me
alonesalem@protonmail.com
encrypted60@tutanota.com
cifrado60@tutanota.com
rantime@tuta.io
ransomtime@cock.li
opticodbestbad@aol.com
opticodbestbad@mail.ee
unlockdata@firemail.cc
onlyway@secmail.pro
jobiden1942@protonmail.com
jonneydep@protonmail.com
forumsystem@cock.li
forumsystem@techmail.info
sdx-2020@tutanota.com
sdx-20200@protonmail.com
encryption2020@aol.com
grootp2@protonmail.com
noobt56@protonmail.com
dragon.save@aol.com
dragon.save@yahoo.com
dragon.save@aol.com
drgreen1@keemail.me
drgreen2@protonmail.com
decryption24h@criptext.com
decryption24h@elude.in
fastwind@mail.ee
fastwind2@protonmail.com
newera@ctemplar.com
newera@tfwno.gf
johnsonz@keemail.me
johnsonz@cock.lu
pandora9@tuta.io
happy@gytmail.com
ghosttm@zohomail.com
falcon360@cock.li
tebook12@protonmail.com
rody_218@protonmail.com
erichhartmann_main@protonmail.com
erichhartmann_reserve@tuta.io
files@restore.ws
covidv19@tutanota.com
dtramp@tuta.io
lexus@gytmail.com
decrypt20@stealth.tg
decrypt20@firemail.cc
dowendowxxx@privatemail.com
ransom1999@tutanota.com
ransom2000@tutanota.com
hellook@gytmail.com
1bmx1@tuta.io
ransomsophos@tutanota.com
dr.cryptor@secmail.pro
dr.cryptor@protonmail.com
lepuscrysupp@mail.ee
lepuscrysupp@cock.li
keydecryption@airmail.cc
5559912@firemail.cc
@helpsnow (Telegram)
and decphob on Sonar
* List is currently being updated

PHOBOS – DEWAR Ransomware Hackers List

kryzikrut@airmail.cc
kryzikrut@airmail.cc and kokux@tutanota.com
zalarubata@airmail.cc
cristianominogue@cock.li
yanyddiel@airmail.cc
zanolven@airmail.cc
creampie@ctemplar.com
correctway@qq.com
red@gytmail.com
waleon@airmail.cc
wang_team777@aol.com
mccunesina@aol.com
howtodecrypt45@cock.li
danianci@airmail.cc
deltatechit@protonmail.com
gabriele.keeler@aol.com
pennmargery@aol.com
walmesleyemerita@aol.com
Jamees0101@outlook.com
chagenak@airmail.cc
white@gytmail.com
ubtc@cock.li
mr.helper@qq.com
covid20encoder@tutanota.com
@hpdec (Telegram)
decrypt_here@xmpp.jp (Jabber)
spacexhuman@tutanota.com
spacexhuman@protonmail.com
spacexhuman@jabb.im (Jabber)
* List is currently being updated

PHOBOS – BANJO Ransomware Hackers List

mutud@airmail.cc
krasume@tutanota.com
dert@airmail.cc
furas@airmail.cc
zorexaw@protonmail.ch
xizers@airmail.cc
guxehys@mailfence.com
sparem@kolabnow.com
watiz@airmail.cc
koseta@airmail.cc
dushep@airmail.cc
@krasume (Telegram)
* List is currently being updated

PHOBOS – ADAME Ransomware Hackers List

supportcrypt2019@cock.li
supportcrypt2019@protonmail.com
* List is currently being updated

PHOBOS – MONETA Ransomware Hackers List

@Monetadicavallo on ICQ
* List is currently being updated

PHOBOS – GOOGLE Ransomware Hackers List

Bossi_tosi@protonmail.com
back_me@foxmail.com
doss_help@qq.com
dinanit@protonmail.com
mijisches@protonmail.com
tcprx@cock.li
tcprx@protonmail.com
* List is currently being updated

PHOBOS – BARAK Ransomware Hackers List

smithhelp@mail.ee
smithhelp@airmail.cc
termitoss@inbox.lv
termitoss@mail.ee
termitoss@cock.li
termitohelp@protonmail.com
termitohelp@mail.ee
termitohelp@cock.li
* List is currently being updated

  • A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)
  • 1.5 million new phishing sites are created every month. (Source: webroot.com)
  • Ransomware attacks have increased by over 97% in the past two years. (Source: Phishme)
  • A total of 850.97 million ransomware infections were detected by the institute in 2018.
  • In 2019 ransomware from phishing emails increased 109% over 2017. (Source: PhishMe)
  • Ransomware generates over $25 million in revenue for hackers each year. (Source: Business Insider)
  • Fewer than 10% of organizations who pay the ransom received their data back. (Source: TrendMicro)
  • 30% of customers infected by Ransomware had a second attack within 60 days
  • Global cybercrime damages predicted to cost $6 trillion by 2021,(Source: Kaspersky)

Other Ransomware Statistics:

  • 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
  • 22% of small business breached by ransomware attacks in 2017 were so badly affected, they could not continue operating
  • 30% phishing emails were opened and 12% clicked on infected links or attachments.
    Source: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

Most ransomware infections occur due to weak security, target attacked or fraudulent emails trap leading victims into opening an attachment.

Knowledge is power! – It is essential to understand the facts behind ransomware to better protect yourself

Ransomware occurs on a system due to weak security of some sort. If you are reading this you are properly a victim!

Here is some information you need to understand and take seriously

How is your system been comprised and infected with ransomware?

  1. Cybercriminals will run a BOT (A bot is a form of an automated scan searching the interned for valurnerable network systems and attempt to comprise its security)
  2. Once your system vulnerability has been identified, Hackers will buy the comprised list through underground websites
  3. The ransomware hackers will use the details to comprise and infect your system with ransomware
  4. Most often the BOT list is sold to multiple hackers

Have you removed the infected system from your network?

  1. This is a common mistake!! – isolating the infected system from your network is 50% of the solution.
  2. Hackers use group policy to distribute ransomware across your network and it remains undetected by most antivirus/malware software.
  3. Ransomware time-bomb, backdoor and keyloogers often implemented on your network to allow hackers to gain access to your network especially if you pay the ransom.

Please be warned, once you have been infected, its emanate that you are very likely to get another attack.

We recommend a full security check on your network to identify the penetration point(s) and make sure adequate security is implemented prior to your data recovery

We offer ransomware prevention and ransomware recovery serivces parallel to ensure your files are recovered on ransomware risk free system without delaying the recovery of your files (our recovery and prevention team work parallel to ensure the prevention and recovery are done simultaneously)

Ask us about our Ransomware Prevention and Security Audit

TIPS TO PROTECT YORU NETWORK FROM PHOBOS RANSOMWARE?

In order to protect yourself from the PHOBOS variant, or from any other ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

You should also have security software (please talk to us about our recommendations) as most antivirus do not provide complete protection

Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:

  • Backup, Backup, Backup!
  • Do not open attachments if you do not know who sent them.
  • Restrict RDP access
  • Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs.
  • Update older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
  • Make sure you have a recommended security software installed.
  • Setup a password lockout
  • Use complex passwords and never reuse the same password at multiple sites. SUBMIT AN ONLINE CASE OR TALK TO OUR RANSOMWARE SPECIALIST TO ASSIST WITH RANSOMWARE PREVENTION

IS YOUR SYSTEM INFECTED WITH PHOBOS RANSOMWARE?

If you are infected with the PHOBOS ransomware, you most likely will experience some (or all of) the following:

Pop-up message advising you that your data has been encrypted and demanding that you pay a ransom.
Files won’t open.
Files have been renamed with a new extension added (PHOBOS) and a contact hackers email address
Applications won’t open.
Antivirus software is disabled.
Computer system locked down.
Computer system running slowly.

Submit an online case or talk to our ransomware specialist to assist with PHOBOS Ransomware recovery

Get A Quote Now

Once you realize your system has been infected by PHOBOS Ransomware, remove your infected system from the network (do not shut down as you can cause further damage). Do not make any attempts to remove the ransomware yourself by running an antivirus program as this may also cause further damage to your files.

At this point, you should call in our Ransomware expert to access the situation and provide you with the best way forward.

Get Ransomware Help Now!

We offer worldwide support with 24/7 customer service. Here are
some ways to contact us.

Talk to a Ransomware Expert

chat with a ransomware specialist for free to recover your data now!

+612 8259 0334

Get Help Now

We are waiting to help you and your business – so don’t hesitate to reach out!

Get A Quote Now

Language >>