EKING Ransomware
Decryption & Recovery Service

All our recoveries are guaranteed, no data no charge!

>> Get a FREE Assessment in 1-4 hours>> Get a FREE Assessment

Sammy Soru
Sammy Soru
07:29 05 Oct 21
FDR Amazing. I got all my files back.Very, very helpful.
07:22 17 Sep 21
Would’ve been cheaper to pay the ransom then what they wanted to charge me.Appears to be a lot of fake reviews on here. People with only the one review…seems very suspicious to me. 😬🤔
Matthew Roderick
Matthew Roderick
13:57 07 Sep 21
FDR saved my life after a ransomware attack. Literally my life files were completely locked down.... If it wasn't for FDR I would have lost 20 years of archiving including family history and business files. I am so lucky, Thank You FDR, you are truly the best!
John Russo
John Russo
14:38 27 Jul 21
When hit by a ransom ware attack my computer was zapped and would no longer reboot. All the 2 TB files on two separate external drives were encrypted and no longer available. Many years of work including important legal files were destroyed, and I had given up all hope of recovery.Thanks to Ramez and his capable team all the files were successfully restored within only a few days.I was extremely fortunate via Google to have discovered FDR , and they deserve the very highest recommendation.I have now learned a lesson the hard way. - - - - Have full backups and do NOT leave external data drives connected whilst online.
Nils Förster
Nils Förster
05:50 15 Jul 21
Vorsicht diese Firma kann nicht jede Ransomware entschlüsseln. Sie kaufen die Schlüssel bei den Epressern. Sie lassen das ganze nur professionell und vertrauenswürdig aussehen. Meine Daten sind weg aber lieber so als Betrüger zu unterstützen.
19:51 04 Jul 21
Second time that i use them, it's simply crazy what they are able to do. Thanks a lot!
Junaid Ahmad
Junaid Ahmad
05:15 02 Jul 21
Colin Clarke
Colin Clarke
15:46 30 Jun 21
Our company has been recently hit with a ransomware attack, after doing some researched I got in touch with FDR to see if they can assist with our ransomware issues. After having our initial discussion with FDR, we immediately engaged them because of their responsiveness and extensive information on encrypted files.FDR did an analysis of our server and gave us a guarantee that they can de-encrypt our files and we were not disappointed. FDR delivered our de-encrypted files with exceptional professionalism and within 48 hours.I am proud to say we got back 100% of our files and can recommend FDR to solve any of your ransomware issues.DirectorPrudecon Limited
Marylu Bearup
Marylu Bearup
14:26 27 May 21
Rusty Brown
Rusty Brown
02:39 20 May 21
Awesome Team! as the name says: "Fast Data Recovery" I Ran into a ransomware issue and they really helped me out.Thanks Everyone!
Ramón Videa León
Ramón Videa León
16:28 19 May 21
Paul Devante
Paul Devante
10:04 19 May 21
Very good guys. They managed to recover all of my encrypted data(from one of the newer variants of ransomware), way faster than anticipated and they were very helpful and understanding throughout the process. Would wholeheartedly recommend if anyone has similar problems
Pro kids
Pro kids
15:20 18 May 21
I was infected by ransomware ( Zeppelin ) it was nightmare , finally 99% of my files have been recovered by FDR, and others 1% I just find in my own backups... so we stop recover and get 100% result !!!! ... after all ... I can say FDR = success :)) , jut by my own experience... if you attacked by ransomware, you must contact FDR team only ....strongly recommended !!!!!!!!!! thank you for great job !!!
Inês Silveira
Inês Silveira
14:59 18 May 21
As a Small Accounting Company in Portugal that deals with enormous amounts of files and information of companies and individuals for the last 16 years, seeing every single piece of data encrypted on the Easters' weekend rocked us to our core.In the few moments after understanding the situation and the repercussions to our company and our clients, we were overwhelmed with an unspeakable anguish and sense of dread.We later learnt from a client who went through such event past summer, about this Australian company that was able to fix their problem rather quickly and so, with no options we decided to reach out to Fast Data Recovery (FDR).I will not lie; we are talking about a lot of money; money we did not have, as most small businesses and individuals don’t.So, it was hard for us in such a short amount of time to come up with the amounts necessary to get them started on the process of recovery but since it was a matter of either get it, or close the company and go bankrupt, it kind of ended up being priceless (thankfully we also have some friends who were able to lend a BIG and unforgettable hand). And keep in mind that being a foreign company, from the other side of the world, we were rather scared that it was all a lie, and that we were just sending money somewhere blindly and relying mostly on faith.In a week, give or take, the situation was indeed resolved, and we cannot thank FDR team enough for really coming through and fixing it all for us.The various members of the team who talked to us through the days were very helpful although a bit distant – not to their fault as we (the clients) are slowly collapsing for most of the process and for them is just another day at the office – but never stopped replying and reassuring us of their work every time we asked. As you can imagine we were quite annoying...!In short, it was horrible rollercoaster of emotions and a high price overall (which we hope to never go through ever again) but the FDR team did what they said they would do and for that we are eternally grateful.Thank you!A. Patrício Team
Donal Bray
Donal Bray
11:55 15 May 21
Nirav Parikh
Nirav Parikh
08:06 13 May 21
John Smith
John Smith
21:55 10 May 21
Daniel Mallard
Daniel Mallard
11:26 23 Apr 21
We recently were put in touch with a distraught company who was hit by Ransomware and did not have a comprehensive data backup. We contacted FDR whom we had used before who promptly recovered the data and we restored the company back to a working state. Thanks to everybody at FDR who completed the job in a professional and timely manner. regards Echo Support Team
Alberto Leal
Alberto Leal
16:30 21 Jan 21
We had a ransomware attack on December 15 of last year. I got the recommendation to use Fast Data Recovery from a friend that had the same issue a few years back. Their response is super quick, and the communication with their staff very fluent. At all time they will answer your questions, and we always had information of how the process was going.They worked non-stop to get our files back and got us back running. They saved us from having to rewrite our information and gave us peace of mind. Would definitely recommend.
John Cottam
John Cottam
16:02 29 Dec 20
This company advertises free evaluations, then charges a $350 (AUS) approx $275 US fee to do an evaluation which I assumed would be refunded if no data recovered.. They then sent a quote for over $6500 to get my data back (which I do not have and have only minimal data I need). They then refused to refund me the money I paid up front.. So.. their "no recovery, no fee" is a lie.
Mazaq Alboun
Mazaq Alboun
23:07 12 Dec 20
You did well and may God bless youA very respectful, hardworking and skilled team whose mission was completed successfullyI wish you more progress
Adrian Yayan
Adrian Yayan
03:57 07 Dec 20
I was infected by ransomware (.VARI) on august'22 2020, finally today all of my files (more than 100 GB) have been recovered, 100% successfull guarantee....., i don't know what to say....trust me, if you attacked by ransomware, don't ever call 911 but you must contact FDR team only. you'll never walk alone....strongly recommended!!!!!!!!!!!!!!!!
Edward Johnson
Edward Johnson
23:04 01 Dec 20
Feels like they hold you to ransom
chuc nguyenmanh
chuc nguyenmanh
03:58 16 Nov 20
Fast efficient, very satisfied
facturasoporte vaqueiros
facturasoporte vaqueiros
18:12 02 Nov 20
Good job for recovery data from of virus phobos variant in lest 24 hrs.
Victor Artha Rusli
Victor Artha Rusli
17:18 02 Nov 20
About a year ago my data were hit by ransomware attack (.seto)Initially I was looking for help from an IT company in my country Indonesia. But nothing is quite as professional & safe as FDR.Even though it was 1 year ago, I will never forget the assistance that FDR has provided. Especially to Rames & Mina, God bless you. You have saved my life.All data has returned to normal and can be accessed. Again thank you FDR!!
Zubair Carim
Zubair Carim
13:48 02 Nov 20
Thank you for the professional service and fast recovery time. It was a worst night mare come true when getting to the office on a Monday morning and realising that one of our servers was a casualty in a Ransomware attack.I considered paying the ransom at first, but after some research and checking out your reviews I decided to put my faith in Fast Data Recovery. Thank you again. The level of professionalism displayed by your company and its staff is second to none.I can without a doubt say, that I will refer anyone that has a similar problem, knowing well that they will also receive the same life saving service that I received.
Hussien Alsakkaf
Hussien Alsakkaf
07:05 22 Oct 20
i was very lucky to get to know FDR Company, this company has saved me lots of timethey helped our company to recover my data in our attacked server by ransomewarethey very professional and very responsive and they are avaliable 24/7my advice to people is don't pay the hackers even if they ask for lower price because you can not trust criminalsThank you very much FDR
Susana Alves
Susana Alves
14:59 11 Sep 20
Our company was hit by the ransomware virus and some of our data was lost. We desperately sought out the best professionals, but sadly, they were unable to help to decrypt our data. When we contacted Fast Data Recovery, we finnaly got hope, as they promised to recover all of our data, which they did! Thanks to the hard working teams of FDR!we recovered our data and deeply appreciate your work. They always answered our doubts patiently, working 24/7. Congratulations to the formidable team! Susana Alves TI from Portugal
Cristian Dragomir
Cristian Dragomir
09:10 24 Jul 20
Comunication very good. Decrypted database files. I will recommand FAST Data Recovery to all my friends.
Joaquim Martins
Joaquim Martins
00:40 14 Jul 20
kindly for you assistant during recovery our potential client's data, once again R2M team thanks for you support and expert engineers successfully delivery and professional quick turn around with zero data lose.100% recovery
win myat naing
win myat naing
07:11 26 Jun 20
My company was hit with ransomware virus and our data got lost. We desperately looked for top professionals from our country but they were not able to help with decripting our data. When we contacted Fast Data Recovery, our hopes went up and they promised to get all our data back. Thanks to hardworking staffs at FDR we got back our data in 24hours and we deeply appreciate their work. While other company wouldn't even bother to pick up calls or reply with a quote, FDR explains with patience and reponsive. They always pick up their phone and talk to us no matter when we called. It's truly amazing that they were able to crack it while others can't.
15:12 02 Jun 20
We Would Like to appreciate Fast Data Recovery Team for their hard work and efforts for Decryption our Data and has given fruitful result.Honestly we were planing to forget our historical Data of the company when it was infected from Ransomware. But FDR Team took this as challenge and gave us positive result in short period of time.On Behalf of my company Annasban group i would like to convey Thanks and many more appreciations to FDR.
saurav jha
saurav jha
11:38 28 May 20
Indeed, the name fast data recovery really suits these amazing professionals. My organisation was having a very tough time dealing with this ransomware attack but Ramez and his team -(Ed, Tim, Conrad, John, Arbs) were very much helpful during this tough situation and were able to decrypt all the files within 48 hours. With Superb communication they will provide you 24/7 service. We went to few other professionals(such as STELLAR) also but trust me they will only waste your valuable days and money and give you absolutely the scrap things which will make you more unhappy. Before going to any organisation, please visit FDR(Fast Data Recovery). They are the one stop Ransomware attack saviour.Thank you Team for all the support. I would like to write much much more about you guys but I am just stopping myself here. Take care, stay safe.Saurav JhaIndia🙏🏻
Zainal Arifin
Zainal Arifin
02:27 16 May 20
FDR recovers our almost 15 TB encrypted files in 15 hours. Really save our life and their response also very good.
Jaas Telecom
Jaas Telecom
00:40 29 Apr 20
Son personas muy profesionales, no les niego que al principio senti desconfianza, pero me ayudaron y me asistieron hasta que toda la info fue recuperada. Excelente servicio, ampliamente recomendados
Lucian Socoliuc
Lucian Socoliuc
18:56 24 Apr 20
Hi friendsI.m from Romania , FAST DARA RECOVERY is most serios and professional company even i see in this areea , all my files was recovered is a verry short time ! The ransomware was on of most dangeros from world .This guys decrypt for us 221000 files!THANK YOU VERRY MUCH FDR and i wiil recommand you every time ,everywhere!
Marwan Al-Qassas
Marwan Al-Qassas
21:46 07 Apr 20
Knowing FDR Company Is One Of The Most Happiest Time EverHonestly I don't know how to thank this company , as a matter of fact you've saved me guys not loosing years of hard working , I really really appreciate what you've done dears, thanks .
Javier Mendoza Callata
Javier Mendoza Callata
02:20 24 Mar 20
FDR a resuelto mi problema al desencriptar mis datos en extencion .derpAgradezco a todos los ingenieros que me ayudaron a resolver esto.Lo unico que me dificulto fue el idioma. Cualquier persona a quien pueda ayudar dando fe de la veracidad de esta empresa, estare disponible a contarles mi experiencia de manera mas detallada al correo: javier.mendoza.callata@gmail.com
Penyelamat Data HDD SSD USB
Penyelamat Data HDD SSD USB
09:09 02 Mar 20
I am from the Harddisk Data Recovery Specialist in INDONESIA, we specialize in dealing with damaged hard disks to save data and I have many cases of ransomware viruses and asking for help from the FDR, they always succeed successfully, the success rate is always above 95 percent, FDR is really very professional right deal with satisfying service. So far there have never been 1 case of ransomware that has not been successfully handled. Really really great.
Võ Ngọc Vy Oanh
Võ Ngọc Vy Oanh
04:41 26 Feb 20
Perfect services. We appreciate your results!
Riad Riad
Riad Riad
11:49 09 Feb 20
They seem to be professional, had to pay $350 for urgent evaluation. The cost to Decrypt the files is very high. I lost my deposit. I am suspicious that they contact the ransomware people for the keys and make commission from the end users. I got a cheaper quote from the ransomware people.
أحمد مصطفى عبد المنعم حسين أبو هشيمة
أحمد مصطفى عبد المنعم حسين أبو هشيمة
03:33 30 Jan 20
It is one of the greatest ransomware companies. I have succeeded in decrypting my files from the online seto. Rsa encryption is really that they are new heroes. Rams Yusef is the new leader of the nation and the EMSisoft company Which doubted You will not be able to do what this company does
Gizmo Pennington
Gizmo Pennington
17:39 20 Jan 20
My wives’ machine was hit with ransomware on the day after Christmas. The attack encrypted all files on her machine and all the files that were shared to her through the LAN on my machine. I did have a nine month old backup of my data but she had no backup what so ever. There was more than 30 years of documentation that was completely useless and in a desperate attempt to recover the last 30 plus years of our lives I contacted FDR through a search on Google. I was not going to pay the crooks! I have to admit there were a few times in the four days after first contacted them when I became skeptical and felt they were going to walk away with the large amount of cash I had paid and give me nothing in return, but it's very hard to think straight after being attacked like that and not eating for the four days due to stress. I was elated the evening they contacted me telling me the key was ready and they could begin the decryption process, but couldn’t access the machine. They were always there when I called for status updates, but after hearing “it’s going to take a bit more time” several days in a row, I had actually unplugged my wives’ machine which also had my drive to be recovered in it. I had gotten very nervous after listening to family and friends so I figured I would plug it back in when/if they had the key ready and at that point there was nothing anyone could do to make things worse. I received the email stating the they were ready to begin and I plugged the network cable in and within 30 minutes they were in with a DOS window open scrolling my files past at a very fast rate with the REdit decryption tool in front showing the progress…about five hours later over 200,000 files had been recovered and I had received another email telling me they were done and to backup all the files on an external drive. Another almost 5 hours to copy all my wives’ files to the external drive (my drive was unplugged from the machine so it was safe). The attack had crippled the windows load partition on the machine so I had to go to the Microsoft store to pick up a fresh load of the operating system to completely reload to the now re-formatted drive.I was drawn to FDR by the reviews I had read, in my moments of despair I started thinking that anyone can write a review and tell you anything, I just want to say that they are a reputable service and saved thirty years of my wives’ and my life of memories. Thank you Ramez, I’m sorry I doubted you, but I was extremely stressed out! And thanks to the rest of your crew!
Hiến Trương Đăng
Hiến Trương Đăng
09:53 19 Jan 20
FastCarefulProfesionalAnd last is Credibility.
Foivos Kalamatas
Foivos Kalamatas
17:38 31 Dec 19
Great work. It has decrypted 215000 files with 100% success. In 5 days as they said. Very good prices. Very good professional. It is recommended for sure. I had the ransomware STOP / DJVU with mbed file ending.
M. Köhler
M. Köhler
18:25 14 Dec 19
Ich habe seit 14 Tagen ein Problem mit einem Virus. Ein Teslacrypt Ableger. Habe am 02.12. mein Geld überwiesen um den Prozess zu beschleunigen, aber seither außer Allgemeinplätzen, dass die Mitarbeiter bald fertig seien nichts adäquates gehört. Ich denke die helfen nur bei leichten Problemen die man auch mit kostenlosen Tools lösen könnte. Rausgeschmissenes Geld dann hätte ich auch gleich an der Absender Geld überweisen können. Das Ergebnis ist vergleichbar. Gruß Mexxchen
07:11 27 Nov 19
We were hit with a Warranty Ransomware almost 12-14 days ago. I reached out to these guys for assistance in the wee hours of a morning as our tapes were dead too. Paid the $500 priority and was still waiting for a response after 48 hours. We got quoted $10K AUD to repair which we paid as we were hoping they would be able to help. The remotely accessed the machine I gave them using a web relay. 12 days down, our data being recovered is nearly useless to us so we have asked for a refund.I am now being asked for my Admin details so they can recover the drives. The website has advertised can close down the case for a full refund.If they needed my details to progress, I would've expected them to hassle the hell out of me so they could do their job. Instead, they waited for me to ask for a status update before looking for progress.EDIT 2 - Owner has contacted me to discuss and offered the full refund as per expectations. I have been provided a very good explanation as to sequence of events and there was a commitment to make things right. I am at the top of the food chain in business myself and formal process can get in the way of customer relations.I am very satisfied with the discussion we had and am reassured that I am not dealing with an unprofessional back yard operation, but an actual core business who actually attempt to brute force through encrypted files. Raised to 3 stars based on the dealings with the owner. Once refund clears I will not only raise to 5 Stars, but even endorse and use FDR again. Crypto is an art form, it can be beaten depending on how implemented, but our situation required data became historical and we needed to move on with the machine being decrypted. Had they had more time (which I didnt have), I am sure they would've managed to get somewhere.
Hang Cheng
Hang Cheng
10:16 24 Nov 19
"Congratulations, files have been recovered".To a ransomware victim like us, it's a big relief and unbelievable.I have to admit after the 48-hours passed by, we're starting to have doubts whether out files will ever be recovered or we need to resort to paying the ransom.But at the 55 hours mark, FDR, came through with the result.Mina is a great guy! Many congratulations Mina for great support!FDR is your 911 to call for ransomware recovery.Thank you very much team FDR for rescuing us!Hang Cheng, California, USA.
11:18 19 Nov 19
Phobos w wersji z listopada 2019 odszyfrowany! Firma bez problemu odszyfrowała 17 tysięcy ważnych plików. Wiele dogodnych form płatności, bardzo dobry i szybki kontakt. Jeśli się wahasz czy są skuteczni i wiarygodni to napisz, chętnie pomogę i pokieruje. Polecam!Phobos decrypted from November 2019! The company easily decrypted 17,000 important files. Many convenient forms of payment, very good and quick contact. If you hesitate if they are effective and reliable, write to me, I will be happy to help and guide. I would recommend!
Rueng Zaa7
Rueng Zaa7
09:43 09 Nov 19
FDR does incredible and fantastic job! I don’t think that I will get so many good experiences from here before.From night of July 23 until November 5, I was a victim of outrageous STOP/DJVU ransomware by accidentally installing Norton key generator in my home desktop PC. You don’t know how much I felt once my files were successfully locked and lost, so it was really sad and I was fallen into the nightmare. It locked my family valuable old data like photos, songs, documents and etc. to online RSA-1024 encryption. I spent over weeks read all internet solutions, contacted various cyber security researchers who claimed to be experts and searched out the services throughout Thailand but nothing worked and they all declined that they couldn’t help. I found Fast Data Recovery ads from Bleepingcom forum in late August, read all service details and all customer reviews in Google and TrustSpot before I decided to contact here and received a ticket. Two days passed after that they finished analyzing my case and told me that they definitely could help, so my hope came back but the price was expensive and my family didn’t believe they were honest. Until late September they asked me if I still wanted recovery or not, after that I immediately negotiated them to reduce the price and accepted quote with their latest price in late October. Later I seriously followed their given steps, left my server always online if needed until finally they succeed find a valid key and decrypt all my files in that morning. I woke up, read their last post then checked all files and said to myself “I get everything back, really? Wow!” Now I feel relief, crying with smile and feel really happy to see my family photos, old tutor videos and everything back to original and become accessible again. Moreover, all files had zero corrupt and there was no any error found on each of files as well. That is amazing! you save everything that stored in my family desktop PC as you promised without any crashed.Today I hope to never get through this horrible experience anymore. And also have learned the lesson about back up and how dangerous of ransomware is, but I am glad and proud to have the legitimate expert ransomware recovery like "Fast Data Recovery" born in this world. Where none of any local data recovery service can resolve this problem. I want to write my thank you letter and a public review to your Google Place profile because it was really the best impressive story that I have ever get in my life. With friendly - polite service they provided, quickly respond - managing and very great advice, you will deserve earn more reputations and should promoted as the world best data recovery service at this time and future for sure! I would highly recommend to all Thai victims forget paying hostiles and contact here instead as they are the reliable service, safe, honest and accept international customers as well.There is no other word to say than million “Thank you” and “Thumb Up” to all FDR engineers and the leader Ramez here. Thank you very much Fast Data Recovery, I am appreciated to see your good operation and saving both home, business and corporation victims until now. Greeting new heroes!! ❤👍— Chavisa Assawasupalarp and family from Bangkok, Thailand
Khalil S.Oghli
Khalil S.Oghli
07:24 31 Oct 19
Excellent services! FDR fulfilled everything promised in a timely manner,recovered our files and our ERP back to work normally.Many thanks to all the FDR team.
Ricky Mann
Ricky Mann
17:35 14 Oct 19
I am in the USA. One of our servers was hit with ransomware (RDP wide open, wasn't me). The price they requested was slightly higher than the ransom but it was easier to convert USD to AUD than to buy Bitcoin, and they got the job done as promised. This was over the Thanksgiving holiday too. Would recommend to anyone and God forbid it happens again I know who I will call!
osool data
osool data
17:25 17 Sep 19
see every body this company is cheater
Giacomo Sugliano
Giacomo Sugliano
06:47 16 Sep 19
Molto professionali, competenti e veloci, un'azienda seria che è stata capace di recuperare tutti i mie dati, prima di scegliere FDR , avevo provato con altre aziende in italia e in europa, nessuno di loro è stato in grado di aiutarmi, poi dopo una lunghissima ricerca su internet, trovo FDR, e tra mille dubbi e incertezze dopo quello che mi era successo, preso dalla disperazione provo a contattarli senza riporre molte speranze....Invece dopo il primo contatto telefonico con un'operatore molto cordiale e preparato, mi sono deciso di affidarmi a loro..Per fortuna oserei dire, perchè sono riusciti a recuperare tutti i miei dati in poco tempo, quando nessuno era stato in grado di farlo, fantastici!E il costo del recupero, comparato con i competitori è veramente competitivo!!!!grazie mi avete salvato!!!
Greg Parr
Greg Parr
04:22 13 Sep 19
FDR did a great job in working with our IT specialist to ensure all our data was decrypted. I would recommend them to any in Australia, it was very hard to have the confidence in a company on the internet when you have just been hacked and ransomed but it was certainly helpful to be able to call and speak to someone in person.
Trishna Arya
Trishna Arya
08:40 11 Sep 19
FDR is a life saver!!! they were able to recover our data 100% in 5 days as promised. They were constantly in touch letting us know what was going on and always provided an update irrespective of the time. They do definitely work 24/7!! M so happy I used them and I am going to make sure they are responsible for my business IT security from hereon!!!
Alain Déjean
Alain Déjean
22:21 02 Sep 19
All files are recovered. FDR is a Life Saver!
22:28 24 Jul 19
They were successful in decrypting however, they did not stand by their higher quotation for a priority service.We were given two payment options :Emergency (1-5 business days 24/7 for an average turnaround) andStandard (up to 14 business days M-F 9am - 5pm Business hours)We chose the emergency option at the higher fee but they ended up taking 15 days. If they offer a 1-5 business day service for a higher fee, I think they should honour the timeframe agreed to or refund the difference.
Jorge Fernandez || ITGuys
Jorge Fernandez || ITGuys
14:35 15 Jul 19
excellent service, they did not hesitate to answer and make us a quote to save our information, luckily we just needed a database and found a backup of it.
Randall Vitek
Randall Vitek
15:10 13 Jul 19
24-7 support and they do get it done or you do not pay them! They did a wonderful job for us (2 passes of Gandcrab ) . They took quite a while but were working on it every day! ... and I am in the USA!!
Laval Lee
Laval Lee
18:58 27 Jun 19
Went with FDR to have the data recovered and are extremely happy all files have recovered. Would recommend to other companies. Thank You.
Suyog Pradhan
Suyog Pradhan
12:23 27 Jun 19
We were extremely happy that we got in touch with FDR to get this issue resolved. They were able to recover 99% of our total encrypted files and we are happy with their service.
Ricardo Martinez
Ricardo Martinez
15:06 04 Jun 19
Sufrimos ataque del ramsomware PHOBOS. FAST DATA RECOVERY recuperaron nuestra información 100% en solo 48 horas. Antes de hacer el pago pedimos información a la embajada de Australia en Mexico y verificamos que fuera una empresa registrada ante la ley. gracias a FDR recuperamos la informacion y la tranquilidad.
Lucas Lenzi
Lucas Lenzi
10:32 28 May 19
Soy de Argentina, me ataco el ramsonware phobos, y me ataco hasta los archivos de backup, no tenia confianza al ser una empresa australiana, y por la distancia y diferencia horaria.Se demoraron unos días, pero desencriptaron casi todos los archivos de la empresa, 100% recomendables!!Saludos.
Felice Di Tanno Bilanciai Sud Sas
Felice Di Tanno Bilanciai Sud Sas
08:52 15 May 19
Serious and professional companyAn excellent data recovery serviceThanks to all the company
08:21 15 May 19
Daniel Purdy
Daniel Purdy
04:56 18 Apr 19
These people are Scam artists. They make up their own reviews to look good. They take your money and then ask for nearly Ten Thousand Dollars which is more then what the Ransom was to begin with. These people will talk you in to buying their quote advising there is a refund if you arnt happy. They are thieves and lier's. Don't waist your time. BEWARE ! This company is a HOAX!
Francisco Rojas
Francisco Rojas
18:18 06 Apr 19
Total domino effect, our servers encrypted! Web, data, backup, user access. We faced a total nightmare!FDR team recovered all database's files! We were very impressed with the response speed and quality.There are not words to express how grateful we are at our company.We really trust them and recommend their services: speed, quality, follow-up, ticket control, phone answers, etc.Customer journey was excellent under this ransomware crisis. Thanks!-Francisco Rojas "
Kobra Kai
Kobra Kai
16:30 01 Mar 19
Legal Greenhope
Legal Greenhope
07:50 29 Jan 19
Fast Data Recovery is very professional in handling our matter. The team responds very quickly and patiently explain to us what we need to do to resolve the issues. Not only that, they are able to solve our issues where no other company can. I highly recommend their services.
Péter Végh
Péter Végh
19:11 22 Jan 19
Thank you very much for the decryption. More than 1 million files decrypted successfully.
Kaj Bjorlin
Kaj Bjorlin
02:41 14 Jan 19
Such professionals! Very Responsive 24/7 and managed to decrypt 98,000 ransomware .ADOBE files in less than 20 hours! A bit expensive but likely the best crew on the planet!
Sergio Guerra
Sergio Guerra
13:10 18 Dec 18
Excellent services! FDR fulfilled everything promised in a timely manner,recovered our files and despite the language barrier and usesdifferent schedules kept us always informed on the progress inthe task of recovering our data. An excellent service highlyrecommended. Many thanks to all the FDR team.
graham hand
graham hand
10:33 06 Dec 18
From the first phone call from the customer and my arrival onsite, I knew that the Crypto virus had caused carnage beyond repair.We were talking months of data and backup infected.I done some research on paying the ransom and decided instead to make contact with FDR.I paid the initial consult and got a quote on restoration. I must say that although the price was more than I anticipated, the speed of delivery, the promise and the work ethic is second to none.They recovered 100% of the data within the time frame meaning my customer to get back to business. I would definitely recommend their services if you are hit with any of the ransomware attacks.One happy IT professional here. Kudos FDR.
Ahmad Daadaa
Ahmad Daadaa
16:21 02 Dec 18
i was attacked by a ransomware and contact FAST Data Recovery and they have a professional support team that recovered my encrypted data in addition to ther high response with their customers and for witch i thank their team for this great work
Florent Masson
Florent Masson
08:58 30 Nov 18
Excellent, FDR très professionelle et a réussi à faire en très peu de temps ce que d'autres ne pouvaient pas - 100% de récupération de tous nos fichiers. Nous étions un peu sceptiques quant à l'approche et l'urgence dans la demande de paiement mais très content d'avoir nos données. Processus transparent et rapide !
13:12 28 Nov 18
I have never written a Google Review.... Until Now!Fast Data Recovery helped us through our most catastrophic and dire circumstance we have experienced as a business. We were hacked and held to ransom by hackers, whilst all of our backup systems had failed.Ramez was there and ready to help. His brother Mina was also fantastic.Initially I did not trust them. We felt vulnerable as all our security measures had been breached and our data was being held to ransom.However we refused to pay the criminals and risk further loss. Ramez and Mina’s expertise and security advice was second to none. They performed a full security check of our system and locked it down before beginning the data recovery process.I highly recommend this company for all ransom ware recovery. It worked for our small family business. MOYB is again operational and running (we had lost over 5 years of financial and business data to the ransom ware). All of this data was fully recovered.We have now ditched our old IT provider after these events as they failed to run sufficient backup systems. Ramez installed a 3 tier backup solution for us that proved to be more cost effective than the services offered by our previous provider.Additionally to this Ramez has incorporated additional security measures to our network with a service level agreement that covers us for any future breaches.They have also upgraded our Telephony system and brought us into the 21st century with an intuitive menu system all the while saving us over $300 a month.Very happy with this fantastic IT company. They saved us from the brink and made us better.
Stephen Galleher
Stephen Galleher
18:24 27 Nov 18
The loss of my files through encryption was extremely stressful to me. While I had a good number of files backed up on a cloned external hard drive, with others on a backup service, critical files were not so accessible. FDR held my hand through an unbelievably hair-raising experience. I cannot believe how complicated it must be to extract the key to unlock these files. Meantime, I was fuming at my own bad judgment in allowing the offending ransomware to infect me, and at the perpetrators, whose livelihood rides on other persons' and institutations' misery.Anyway, FDR did a fantastic job. Not only are all my files restored in tiptop shape, but the accompanying ransomware notes (that were inserted in every encrypted folder) were deleted in the process.Thank you, FDR.
Lee Corrigan
Lee Corrigan
05:37 25 Nov 18
Our company suffered a recent ransomware attack and we had no idea where to start with recovering our data. We discovered Fast Data Recovery online and when I called I found them to be very informative and after providing a small sample file they guaranteed they could recover at least 95% of our data. I was sceptical but am pleased to report that we received our complete MYOB, payroll and documents files intact within the time frame agreed. With Fast Data Recovery's input we have also implemented new strategies to ensure we never find ourselves in this stressful position again.
Michael Benbow
Michael Benbow
07:44 16 Nov 18
These guys are legitimately my guardian angels. Last Thursday my personal development server got brute force RDP attacked and was infected with a new, advanced type of ransomware. Not only was my server attacked, but it propagated through to my mirrors, my backups, and my redundancy backup of my backups. It went through everything, from my work history from the last 20 years, to my personal family photos and videos, including irreplaceable content of my deceased father. Everywhere I turned said that i was out of luck, and I had to accept that they were gone. I found Fast Data Recovery, in a mad panic, within 15 minutes of finding the ransom message and immediately they were able to calm me down and get started with the process. Around 7 hours later i was told that they could do a 100% recovery, and I opted for the 24 hour emergency option. This did not eventuate, but any time I needed to talk to someone they would answer, update me on the process and reassure me that they would be able to beat out the new, advanced algorithms these criminals were now using. A few partial successes later, the big breakthrough happened on Wednesday evening and all the files started to decrypt. 1.2 million files and 24 hours later, I am utterly speechless and have nothing but love and gratitude for the team who worked around the clock to help me get back the irreplaceable. The appreciation and sense of how I feel really cannot be put into words. Your heart sinks, everything turns dark, and these guys come to the rescue. Thank you FDR. Thank you Ramez. Will recommend to anyone and everyone in a heartbeat. Ignore the negatives and just contact these guys. They will change your life.
Peter Lamb
Peter Lamb
02:37 16 Nov 18
Excellent, FDR managed to do what many other similar companies couldn't - 100% recovery of all our files. We were a little sceptical about their 100% recovery guarantee and although our recovery was a little difficult and took a bit longer due to it being a new encryption FDR persisted and managed to recover every single file. Communication on the progress of recovery was excellent and advice on what we now need to do to prevent it from happening again is invaluable. Staff were very knowledgeable, friendly and happy to discuss future improvements to our security and backup solutions. Don't waste any time shopping elsewhere for your data recovery - FDR is the only one you need to ring for a successful outcome.
Ant Mit
Ant Mit
14:51 27 Oct 18
I suffered a server wide Combo attack, rendering all data on it useless following an RDP breach (warning: MAKE SURE YOUR CONNECTIONS ARE AIR TIGHT AND PASSWORDS ARE COMPLEX!!). I was at the end of my tether and facing severe problems as the backups had been affected too. I never hear anything about recovery services but the combo attack is not covered by current self-fix solutions, and so tried them as I had nothing to lose. I sent a file to them and waited to see if they could help.A few hours later I received the original copy of the file, and it was one they couldn’t have forged. They are expensive ($8000AUS) but the data was irreplacable, so I had no option. Less than 24hrs later they had been on the machine, scanned all possible keys, cracked the encryption and ran decryption software to bring back my files!! 200k files, and all restored! I couldn’t be happier, and WOW did I improve our backup procedures afterwards.Thanks guys, for giving me my files back!
Ziyad Ashour
Ziyad Ashour
07:51 27 Oct 18
Thank you Fast Data Recovery, data was recovered to original file extension by the wonderful support from Fast Recovery team.
John Denton
John Denton
21:10 21 Oct 18
Got ransomware on a server and was very skeptical of getting all files back without data loss. A quick upload of one of the encrypted files to there website and got a response back they could decrypt the files and get us back in running with several different options. They even added extra server to the process and got everything back in less time than they figured.
Nice Man
Nice Man
13:01 16 Oct 18
Our company through a series of unfortunate circumstances was hit with the Combo ransomware virus on none other than 9/11/18. We found Fast Data Recovery and they were very professional from the beginning. Very responsive with communications and followed through until all our data was recovered. Thank you to the entire FDR team.
Riccardo Succa
Riccardo Succa
18:14 15 Oct 18
Tecnici impeccabili. Un servizio rapido e collaborazione totale.
Ahmed Abd El Ghani
Ahmed Abd El Ghani
15:49 07 Oct 18
We Had Ransomware Crysis and all Our Customer Infected with that Ransom and we try With Many Companies worldwide till to get Information about Fast Data Recovery , really we are very Happy with them to retrieve DATA for our client ,in short time Only 24 Hours Rally Tanks for Fast Data Recovery Team
Roula Jabbour
Roula Jabbour
06:30 11 May 18
We had ransomware on our business computer and we couldn't access any of our data. We felt relieved when Fast Data Recovery said they can recover all our data in just a few days where most other companies said it wasn't possible. Surely enough, they were able to decrypt the files and we got our data back. Happy customer.
Rakesh Singh
Rakesh Singh
15:34 13 Apr 18
recovered 100% of our files after a java infection. great advice and helpful

Infected with EKING Ransomware?
Don’t Panic, we guarantee to have your data recovered within 24-48 hours.
Get quick 24/7 help NOW!

If you are reading this page, it’s likely you have been infected with EKING ransomware variant.
Fast Data Recovery has the tools, knowledge and resources to help recover your data within 24-48 hours and help to secure your network.

EKING Ransomware is part of of the PHOBOS ransomware family. PHOBOS ransomware is one of the top 3 ransomware infections circulating on the internet and on average we solve between 20-30 cases per week.

We have been successful in helping thousands of clients recover data from EKING ransomware variants.

  • 1No Data No Charge. We guarantee your data recovery.
  • 2Worldwide support with 24/7 customer service & recovery.
  • 3All our recoveries are undertaken remotely and completed within 24-48 hours.

Need Urgent Assistance?

call +1-888-278-8482 Now!


Fill out the form below and a ransomware specialist will assist with your enquiry.

This form is monitored 24/7

    No Data No Charge

    Submit a ticket for a FREE assessment or request a call back.

    Our engineers are available to assist and recover  your data 24 hours / 7 days a week.


    >> Watch how we recover from EKING Ransomware <<>> Watch how we recover from EKING Ransomware <<

    EKING Recovery Guarantee

    We have the tools, knowledge and resources to guarantee the recovery of your data.

    Fast Data Recovery

    We are available 24/7 for instant response. All recovery processes will begin immediately.

    Remote Recovery Service

    All recoveries are undertaken remotely on the original infected system or on another computer. No need to send us your data.

    Ransomware Experts

    Fast Data Recovery is an established and trusted global IT service provider. Our focus is to help clients recover from ransomware and provide cybersecurity to combat any future ransomware attacks.

    Expedited Service

    Get your data faster. Our data recovery experts will provide a recovery quote after assessing the complexity of your EKING infection within 1-4 hours. If you choose to engage our service we guarantee decryption of your files within 24-48 hours*

    Personalized Service

    A dedicated member of our team will guide you through every step of recovering your data, provide insight on the attack and help to secure your system.

    Frequently Asked Questions

    EKING / PHOBOS ransomware is an encryption ransomware Trojan that was first observed on October 21, 2017 (a new variant of Dharma ransomware).

    It is a malicious program that is classified as ransomware (aka. malware). Cybercriminals encrypt your files, blocking you from accessing them. They then demand you pay a ransom to access a decryption tool to recover your files. Once the ransom is paid, the cybercriminals rarely send the decryption tool. In most cases, the perpetrator’s email will be blocked or further ransomware demands are made.

    PHOBOS ransomware creates a text file called “YOUR FILES ARE ENCRYPTED.txt”, “Files Encrypted.txt“info.txt” and displays a ransom note in a pop-up window.

    This ransomware also renames all encrypted files by adding the “.PHOBOS” extension (together with the victim’s ID and the email address of the .PHOBOS hacker). For example, if a file is named “1.jpg“, then .EKING will rename it to “1.jpg.id-1E857D00-1234.[hacker@email.com].EKKING” and so on.

    Each ID will be a unique infection. Please advise us when submitting your quote if you have multiple IDs.

    Our team has successfully helped thousands of EKING ransomware clients. We guarantee recovery from ALL EKING ransomware variants and we back our claim with a No Data = No Charge policy.

    Submit an online case or talk to our ransomware specialist to assist with EKING Ransomware recovery

    Get A Quote NowGet A Quote Now


    Fast Data Recovery is the market leader in ransomware recovery & cybersecurity services with 24/7 ransomware recovery team.

    Our company headquarters is located in Sydney, Australia with a team of 12 engineers working across Australia, the US, the UK & the Philippines.

    We have the resources, knowledge, and experience to help you remove and recover from eking ransomware and prevent further attacks.

    We understand the value of data and work extremely hard to recover your business data as fast as possible.

    • Fast Ransomware data recovery turn around*
    • 100% Guaranteed Recovery from eking ransomware.
    • No data = No charge policy for peace of mind.

    Please visit How it works? for more information about the process of analysing your ransomware variant and provide a quote for recovery.


    Fast Data Recovery supports clients worldwide.

    We are available 24/7 for all your enquiries.

    You can contact us via email, our online chat, or if you prefer to talk to a ransomware recovery engineer, feel free to call us on one of the numbers below:

    1300 500 400 (Australia)
    1-888-278-8482 (US/Canada Toll Free)
    +44-1273257254 (UK – Brighton Toll Free)
    +612 8259 0334 (All other countries)


    • 100% Guaranteed Recovery from most types of ransomware
    • Technicians are available 24/7 to start your recovery immediately
    • Priority Data Recovery Service (48 hours recovery time in 90% of cases)
    • Australian based with 24/7 Worldwide support
    • Free Evaluation or 4-24 hours Priority Evaluation for more urgent cases (most evaluation are completed in 4-8 hours)
    • No Obligation Fixed Quotes
    • No Data No Charge
    • All recoveries are done remotely (no need to send us your data!)
    • Ransomware Specialists
    • Advanced Ransomware Prevention and Security Audit to eliminate the risk of ransomware
    • Established company with over 10 years of data recovery experience
    • 1000+s of happy clients
    • All International clients are welcome


    Fast Data Recovery is a registered company based in Sydney, Australia. It is part of  the PC Link Professionals Pty Ltd group, which specialises in IT Support, Security and Data Recovery (established in 2008). Due to the exponential growth of demand for ransomware recovery, Fast Data Recovery was established by the PC Link Professionals group in December 2018.

    Please visit the Australian Business Register for more information about the establishment of our business:

    PC Link Professionals Pty Ltd – https://abr.business.gov.au/ABN/View?abn=20132031826

    Fast Data Recovery Pty Ltd – https://abr.business.gov.au/ABN/View?abn=78630597778


    We pride ourselves on the quality of work we provide. Customer service is our number one priority and we strive to exceed your expectations. Please read for yourself what other customers are saying about our services:

    Google Reviews: https://goo.gl/S7KM9Y
    Independent Reviews: https://trustspot.io/store/Fast-Data-Recovery
    Clients Written Testimonials: https://fastdatarecovery.com.au/clients-written-testimonials/

    We do not recommend paying hackers. It’s a small chance of getting your files back.

    Hackers in some instances may release personal information about your company to the public if you contact them and do not meet their ransom demands. Its strongly recommended not to communicate with them. (using an alternate email does not keep your identity safe as each infection has a unique code to identify you)

    Scenarios from customer’s feedback who paid the ransom without engaging a ransomware recovery company to recover without paying the ransom or at least negotiate in case we are unable to recover in a timely manner.
    1. The hackers may ask you for extra money after you make the first payment (The trend)
    2. The hacker’s email usually gets closed down by the email provider (Once the email is reported to the domain webmaster their email will be shut down. Usually thousands of victims are infected at the same time so the likely-hood of this happening is very high)
    3. They send you a sample file, take your money and simply stop responding
    4. They may recover all/some of your files

    In the event where we are unable to recover from your type of ransomware or able to recover in a timely manner, we can use our resources and experience to obtain the decryption at still offer a No Data No Charge for peace of mind

    For a risk-free recovery, Submit an online case or talk to our ransomware specialist to assist with PHOBOS Ransomware recovery

    Get A Quote NowGet A Quote Now

    At Fast Data Recovery, we serve the needs of both individuals and businesses who wish to have their data recovered after a ransomware attack. We are equipped with the reoucres, experience and knowlodge to perform complete ransomware data recovery.

    We also provide ransomware removal and ransomware prevention measures to protect you from future attacks.


    Fast Data Recovery offers a comprehensive Ransomware Prevention and Protection service against Ransomware attacks.

    If the worst happens and you become infected with a RANSOMWARE, we advise that you disconnect the infected system from the network (we do not advice to shut down your system as this may corrupt your data or system files further and prevent a quick repair).

    DO NOT TRY TO REMOVE THE RANSOMWARE. By running Antivirus or Malware removal software you may cause further damage and make the encryption irreversible.

    Ransomware removal and the recovery of your valuable data should always be left to an experienced ransomware recovery expert.

    Fast Data Recovery has the knowledge, resources and expertise to recover your data and completely remove all known forms of ransomware and malware. In most cases, we manage to recover 100% of our customer’s encrypted data.

    Our data recovery process is quick, simple and entirely focused on restoring your valuable data and getting your business back on track as quickly as possible.

    Fast Data Recovery offers a comprehensive Ransomware Prevention and Security Audit to secure your network from further attacks

    • Find the source of the attack to better protect your network
    • Find & Destroy the ransomware on your server
    • Find and destroy ransomware time-bomb, backdoor, key-logger trojans implemented by the perpetrators
    • Full protection against all current know types of ransomware attacks.
    • Protect your server from other common attacks used by hackers
    • Check Registry for changes made by hackers
    • Deep level scan from common hackers practices.
    • Complete network and security audit to minimise risk – A full list of any recommendation will be sent in a detailed report to further prevent future attacks from other computers/devices on your network
    • Best practices and solutions for protecting businesses from ransomware downtime
    • Check your current backups and advise on best backup practices
    • Check if your antivirus has adequate ransomware protection. Most antivirus’ fall short in protecting against Ransomware.
    • Group Policy and Passwords audit and recommendations
    • General IT recommendations if we feel it will improve your overall system/processes.
    • (Optional but highly recommended) Full scan and prevention on your computers/laptops

    It is no longer a matter of if, but rather when your organisation will become the target of a data breach. As the threat landscape continues to expand, more doors have opened for threat actors to explore and attack putting businesses at risk of unauthorised access and loss of critical data.

    PHOBOS – EKING Ransomware Hackers List

    List of Hackers Emails We Can Recover From but not only limited to the list below, so please reach out to us 24/7 by phone, email or webchat and we will be able to assist you

    @helpsnow (Telegram)
    and decphob on Sonar

    * List is currently being updated

    • A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)
    • 1.5 million new phishing sites are created every month. (Source: webroot.com)
    • Ransomware attacks have increased by over 97% in the past two years. (Source: Phishme)
    • A total of 850.97 million ransomware infections were detected by the institute in 2018.
    • In 2019 ransomware from phishing emails increased 109% over 2017. (Source: PhishMe)
    • Ransomware generates over $25 million in revenue for hackers each year. (Source: Business Insider)
    • Fewer than 10% of organizations who pay the ransom received their data back. (Source: TrendMicro)
    • 30% of customers infected by Ransomware had a second attack within 60 days
    • Global cybercrime damages predicted to cost $6 trillion by 2021,(Source: Kaspersky)

    Other Ransomware Statistics:

    • 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
    • 22% of small business breached by ransomware attacks in 2017 were so badly affected, they could not continue operating
    • 30% phishing emails were opened and 12% clicked on infected links or attachments.
      Source: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

    Most ransomware infections occur due to weak security, target attacked or fraudulent emails trap leading victims into opening an attachment.

    Knowledge is power! – It is essential to understand the facts behind ransomware to better protect yourself

    Ransomware occurs on a system due to weak security of some sort. If you are reading this you are properly a victim!

    Here is some information you need to understand and take seriously

    How is your system been comprised and infected with ransomware?

    1. Cybercriminals will run a BOT (A bot is a form of an automated scan searching the interned for valurnerable network systems and attempt to comprise its security)
    2. Once your system vulnerability has been identified, Hackers will buy the comprised list through underground websites
    3. The ransomware hackers will use the details to comprise and infect your system with ransomware
    4. Most often the BOT list is sold to multiple hackers

    Have you removed the infected system from your network?

    1. This is a common mistake!! – isolating the infected system from your network is 50% of the solution.
    2. Hackers use group policy to distribute ransomware across your network and it remains undetected by most antivirus/malware software.
    3. Ransomware time-bomb, backdoor and keyloogers often implemented on your network to allow hackers to gain access to your network especially if you pay the ransom.

    Please be warned, once you have been infected, its emanate that you are very likely to get another attack.

    We recommend a full security check on your network to identify the penetration point(s) and make sure adequate security is implemented prior to your data recovery

    We offer ransomware prevention and ransomware recovery serivces parallel to ensure your files are recovered on ransomware risk free system without delaying the recovery of your files (our recovery and prevention team work parallel to ensure the prevention and recovery are done simultaneously)

    Ask us about our Ransomware Prevention and Security Audit

    Get A Quote NowGet A Quote Now


    In order to protect yourself from the PHOBOS variant, or from any other ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

    You should also have security software (please talk to us about our recommendations) as most antivirus do not provide complete protection

    Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:

    • Backup, Backup, Backup!
    • Do not open attachments if you do not know who sent them.
    • Restrict RDP access
    • Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs.
    • Update older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
    • Make sure you have a recommended security software installed.
    • Setup a password lockout
    • Use complex passwords and never reuse the same password at multiple sites. SUBMIT AN ONLINE CASE OR TALK TO OUR RANSOMWARE SPECIALIST TO ASSIST WITH RANSOMWARE PREVENTIONGet A Quote NowGet A Quote Now


    If you are infected with the EKING ransomware, you most likely will experience some (or all of) the following:

    Pop-up message advising you that your data has been encrypted and demanding that you pay a ransom.
    Files won’t open.
    Files have been renamed with a new extension added (EKING) and a contact hackers email address
    Applications won’t open.
    Antivirus software is disabled.
    Computer system locked down.
    Computer system running slowly.

    Submit an online case or talk to our ransomware specialist to assist with EKING Ransomware recovery

    Get A Quote NowGet A Quote Now

    Once you realize your system has been infected by PHOBOS Ransomware, remove your infected system from the network (do not shut down as you can cause further damage). Do not make any attempts to remove the ransomware yourself by running an antivirus program as this may also cause further damage to your files.

    At this point, you should call in our Ransomware expert to access the situation and provide you with the best way forward.

    The Phobos ransomware family is fairly common ransomware and has been spotted in early 2019.

    Phobos and its all its variant are a part of the Dharma/Crysis ransomware.

    It has continued to push out new variants and evolve attack methods, but also frequently change the extension name of encrypted files in past variants.

    Phobos victims have often complained that they were cheated by the attacker of Phobos by not restoring files.

    What does Phobos ransomware does to a network?

    1. Entry Point
      Phobos has 24 known entry points and if you are reading this, you most likely a victim of phobos ransomware
    2. Execution
      Once the payloader has been executed a second (two step) process is executed
      The first group of commands are listed below with my added comments:vssadmin delete shadows /all /quiet   – Deletes all of the volume’s shadow copies.
      wmic shadowcopy delete  – Deletes shadow copies from local computer.
      bcdedit /set {default} bootstatuspolicy ignoreallfailures
      bcdedit /set {default} recoveryenabled no
       – Disables the automatic startup repair feature.
      wbadmin delete catalog –quiet  – Deletes the backup catalog.
      exitBy deleting the shadow copies that the Windows system makes for system restore, the victim is not able to use it to restore the encrypted files. It also prevents the victim from restoring files from an automatic startup repair or from a backup catalog.The commands of the second group turn off the Windows Firewall on the infected system, as shown below.netsh advfirewall set currentprofile state off – For Windows 7 and later versions.
      netsh firewall set opmode mode=disable – For Windows XP, Windows 2003 versions.

      3. Adding Auto run items

    The malware decrypts the string “Software\Microsoft\Windows\CurrentVersion\Run” (index number is 0x11), which is the registry subkey path, from the encrypted configuration block. It then creates an auto-run item to the same subkey of both root keys, HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The screenshot of the added auto-run item under the root key “HKEY_CURRENT_USER”.

    Figure 4.1. Added auto-run item “cs5”

    Other than adding this item into the auto-run group in the system registry, it also copies “cs5.exe” into two auto startup folders: “%AppData%\Microsoft\Windows\Start Menu\Programs\Startup” and “%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup”.  Figure 4.2 shows the ASM code snippet of copying “cs5.exe” into the two start-up folders.

    See What our Clients Say about Us

    View our Client's Written Testimonial

    Our company has been recently hit with a ransomware attack, after doing some researched I got in touch with FDR to see if they can assist with our ransomware issues. After having our initial discussion with FDR, we immediately engaged them because of their responsiveness and extensive information on encrypted files. FDR did an analysis of our server and gave us a guarantee that they can de-encrypt our files and we were not disappointed. FDR delivered our de-encrypted files with exceptional professionalism and within 48 hours. I am proud to say we got back 100% of our files and can recommend FDR to solve any of your ransomware issues.

    Prudecon Limited


    View our Client's Written Testimonial

    “Fast Data Recovery is very professional in handling our matter. The team responds very quickly and patiently explains what we need to do to resolve the issues. Not only that, they are able to solve our issues where no other company can. I highly recommend their services.”



    View our Client's Written Testimonial

    From the first phone call from the customer and my arrival on site, I knew that the Crypto virus had caused carnage beyond repair. We were talking months of data and backup infected. I did some research on paying the ransom and decided instead to make contact with FDR. I paid the initial consult and got a quote on restoration.. I must say that although the price was more than I anticipated, the speed of delivery, the promise, and the work ethic are second to none. They recovered 100% of the data within the time frame meaning my customer to get back to business.

    Glue IT

    Penrith NSW

    View our Client's Written Testimonial

    A few partial successes later, the big breakthrough happened on Wednesday evening and all the files started to decrypt. 1.2 million files and 24 hours later, I am utterly speechless and have nothing but love and gratitude for the team who worked around the clock to help me get back irreplaceable. The appreciation and sense of how I feel really cannot be put into words. Your heart sinks, everything turns dark, and these guys come to the rescue.


    Best NBA News and Blogs

    View our Client's Written Testimonial

    I am writing this testimonial as to the success of recovery of our data that have been encrypted with ransomware. We had 7 different keys codes that had locked our accounting, production, banking, R&D data, and our past history for the last 15 years. The encryption ransomware had also affected our two external backups and one internal so the process was extremely frustrating.


    Automotive spare parts – QLD

    View our Client's Written Testimonial

    It is with great enthusiasm that we can strongly recommend FAST Data Recovery for their utmost expertise, proficiency and professionalism. They are absolute experts in their field. We could only wish for a similar company in South-Africa! We are highly appreciative of what they have done for Sautech, and salute them for their services!


    Data Centre / VPS hosting

    Get Ransomware Help Now!

    We offer worldwide support with 24/7 customer service & recovery.
    Here are some ways to contact us.

    Talk to an Expert

    chat with a ransomware specialist for free to recover your data now!


    Get Help Now

    We are waiting to help you and your business – so don’t hesitate to reach out!

    Get A Quote NowGet A Quote Now

    Language >>