EKING Ransomware Decryption & Recovery

EKING Ransomware
Decryption & Recovery Service

All our recoveries are guaranteed, no data no charge!

>> Get a FREE Assessment in 1-4 hours >> Get a FREE Assessment

Infected with EKING Ransomware?
Don’t Panic, we guarantee to have your data recovered within 24-48 hours.
Get quick 24/7 help NOW!

If you are reading this page, it’s likely you have been infected with EKING ransomware variant.
Fast Data Recovery has the tools, knowledge and resources to help recover your data within 24-48 hours and help to secure your network.

EKING Ransomware is part of of the PHOBOS ransomware family. PHOBOS ransomware is one of the top 3 ransomware infections circulating on the internet and on average we solve between 20-30 cases per week.

We have been successful in helping thousands of clients recover data from EKING ransomware variants.

1No Data No Charge. We guarantee your data recovery.
2Worldwide support with 24/7 customer service & recovery.
3All our recoveries are undertaken remotely and completed within 24-48 hours.

Need Urgent Assistance?

call +1-888-278-8482 Now!

Fill out the form below and a ransomware specialist will assist with your enquiry.

This form is monitored 24/7

No Data No Charge

Submit a ticket for a FREE assessment or request a call back.

Our engineers are available to assist and recover your data 24 hours / 7 days a week.

>> Watch how we recover from EKING Ransomware <<>> Watch how we recover from EKING Ransomware <<

EKING Recovery Guarantee

We have the tools, knowledge and resources to guarantee the recovery of your data.

Fast Data Recovery

We are available 24/7 for instant response. All recovery processes will begin immediately.

Remote Recovery Service

All recoveries are undertaken remotely on the original infected system or on another computer. No need to send us your data.

Ransomware Experts

Fast Data Recovery is an established and trusted global IT service provider. Our focus is to help clients recover from ransomware and provide cybersecurity to combat any future ransomware attacks.

Expedited Service

Get your data faster. Our data recovery experts will provide a recovery quote after assessing the complexity of your EKING infection within 1-4 hours. If you choose to engage our service we guarantee decryption of your files within 24-48 hours*

Personalized Service

A dedicated member of our team will guide you through every step of recovering your data, provide insight on the attack and help to secure your system.

Frequently Asked Questions

What is EKING RANSOMWARE?

EKING / PHOBOS ransomware is an encryption ransomware Trojan that was first observed on October 21, 2017 (a new variant of Dharma ransomware).

It is a malicious program that is classified as ransomware (aka. malware). Cybercriminals encrypt your files, blocking you from accessing them. They then demand you pay a ransom to access a decryption tool to recover your files. Once the ransom is paid, the cybercriminals rarely send the decryption tool. In most cases, the perpetrator’s email will be blocked or further ransomware demands are made.

PHOBOS ransomware creates a text file called “YOUR FILES ARE ENCRYPTED.txt”, “Files Encrypted.txt” “info.txt” and displays a ransom note in a pop-up window.

This ransomware also renames all encrypted files by adding the “.PHOBOS” extension (together with the victim’s ID and the email address of the .PHOBOS hacker). For example, if a file is named “1.jpg“, then .EKING will rename it to “1.jpg.id-1E857D00-1234.[hacker@email.com].EKKING” and so on.

Each ID will be a unique infection. Please advise us when submitting your quote if you have multiple IDs.

Our team has successfully helped thousands of EKING ransomware clients. We guarantee recovery from ALL EKING ransomware variants and we back our claim with a No Data = No Charge policy.

Submit an online case or talk to our ransomware specialist to assist with EKING Ransomware recovery

Get A Quote Now Get A Quote Now

What Is The Ransomware Recovery Process?

RANSOMWARE RECOVERY PROCEDURES

Fast Data Recovery is the market leader in ransomware recovery & cybersecurity services with 24/7 ransomware recovery team.

Our company headquarters is located in Sydney, Australia with a team of 12 engineers working across Australia, the US, the UK & the Philippines.

We have the resources, knowledge, and experience to help you remove and recover from eking ransomware and prevent further attacks.

We understand the value of data and work extremely hard to recover your business data as fast as possible.

Fast Ransomware data recovery turn around*
100% Guaranteed Recovery from eking ransomware.
No data = No charge policy for peace of mind.

Please visit How it works? for more information about the process of analysing your ransomware variant and provide a quote for recovery.

How To Contact Us?

CONTACT US

Fast Data Recovery supports clients worldwide.

We are available 24/7 for all your enquiries.

You can contact us via email, our online chat, or if you prefer to talk to a ransomware recovery engineer, feel free to call us on one of the numbers below:

1300 500 400 (Australia)

1-888-278-8482 (US/Canada Toll Free)

+44-1273257254 (UK – Brighton Toll Free)

+612 8259 0334 (All other countries)

SUBMIT AN ONLINE CASE OR TALK TO ONE OF OUR RANSOMWARE SPECIALISTS TO ASSIST WITH YOUR RANSOMWARE RECOVERY:Get A Quote Now Get A Quote Now

Why Us?

100% Guaranteed Recovery from most types of ransomware
Technicians are available 24/7 to start your recovery immediately
Priority Data Recovery Service (48 hours recovery time in 90% of cases)
Australian based with 24/7 Worldwide support
Free Evaluation or 4-24 hours Priority Evaluation for more urgent cases (most evaluation are completed in 4-8 hours)
No Obligation Fixed Quotes
No Data No Charge
All recoveries are done remotely (no need to send us your data!)
Ransomware Specialists
Advanced Ransomware Prevention and Security Audit to eliminate the risk of ransomware
Established company with over 10 years of data recovery experience
1000+s of happy clients
All International clients are welcome

COMPANY DETAILS

Fast Data Recovery is a registered company based in Sydney, Australia. It is part of the PC Link Professionals Pty Ltd group, which specialises in IT Support, Security and Data Recovery (established in 2008). Due to the exponential growth of demand for ransomware recovery, Fast Data Recovery was established by the PC Link Professionals group in December 2018.

Please visit the Australian Business Register for more information about the establishment of our business:

PC Link Professionals Pty Ltd – https://abr.business.gov.au/ABN/View?abn=20132031826

Fast Data Recovery Pty Ltd – https://abr.business.gov.au/ABN/View?abn=78630597778

CUSTOMER TESTIMONIALS and REVIEWS

We pride ourselves on the quality of work we provide. Customer service is our number one priority and we strive to exceed your expectations. Please read for yourself what other customers are saying about our services:

Google Reviews: https://goo.gl/S7KM9Y
Independent Reviews: https://trustspot.io/store/Fast-Data-Recovery
Clients Written Testimonials: https://fastdatarecovery.com.au/clients-written-testimonials/

Should You Pay The Ransom?

We do not recommend paying hackers. It’s a small chance of getting your files back.

Hackers in some instances may release personal information about your company to the public if you contact them and do not meet their ransom demands. Its strongly recommended not to communicate with them. (using an alternate email does not keep your identity safe as each infection has a unique code to identify you)

Scenarios from customer’s feedback who paid the ransom without engaging a ransomware recovery company to recover without paying the ransom or at least negotiate in case we are unable to recover in a timely manner.
1. The hackers may ask you for extra money after you make the first payment (The trend)
2. The hacker’s email usually gets closed down by the email provider (Once the email is reported to the domain webmaster their email will be shut down. Usually thousands of victims are infected at the same time so the likely-hood of this happening is very high)
3. They send you a sample file, take your money and simply stop responding
4. They may recover all/some of your files

In the event where we are unable to recover from your type of ransomware or able to recover in a timely manner, we can use our resources and experience to obtain the decryption at still offer a No Data No Charge for peace of mind

For a risk-free recovery, Submit an online case or talk to our ransomware specialist to assist with PHOBOS Ransomware recovery

Get A Quote Now Get A Quote Now

What Solutions Do We Offer?

At Fast Data Recovery, we serve the needs of both individuals and businesses who wish to have their data recovered after a ransomware attack. We are equipped with the reoucres, experience and knowlodge to perform complete ransomware data recovery.

We also provide ransomware removal and ransomware prevention measures to protect you from future attacks.

Ransomware Prevention & Security Audit

RANSOMWARE PREVENTION & SECURITY AUDIT?

Fast Data Recovery offers a comprehensive Ransomware Prevention and Protection service against Ransomware attacks.

If the worst happens and you become infected with a RANSOMWARE, we advise that you disconnect the infected system from the network (we do not advice to shut down your system as this may corrupt your data or system files further and prevent a quick repair).

DO NOT TRY TO REMOVE THE RANSOMWARE. By running Antivirus or Malware removal software you may cause further damage and make the encryption irreversible.

Ransomware removal and the recovery of your valuable data should always be left to an experienced ransomware recovery expert.

Fast Data Recovery has the knowledge, resources and expertise to recover your data and completely remove all known forms of ransomware and malware. In most cases, we manage to recover 100% of our customer’s encrypted data.

Our data recovery process is quick, simple and entirely focused on restoring your valuable data and getting your business back on track as quickly as possible.

Fast Data Recovery offers a comprehensive Ransomware Prevention and Security Audit to secure your network from further attacks

Find the source of the attack to better protect your network
Find & Destroy the ransomware on your server
Find and destroy ransomware time-bomb, backdoor, key-logger trojans implemented by the perpetrators
Full protection against all current know types of ransomware attacks.
Protect your server from other common attacks used by hackers
Check Registry for changes made by hackers
Deep level scan from common hackers practices.
Complete network and security audit to minimise risk – A full list of any recommendation will be sent in a detailed report to further prevent future attacks from other computers/devices on your network
Best practices and solutions for protecting businesses from ransomware downtime
Check your current backups and advise on best backup practices
Check if your antivirus has adequate ransomware protection. Most antivirus’ fall short in protecting against Ransomware.
Group Policy and Passwords audit and recommendations
General IT recommendations if we feel it will improve your overall system/processes.
(Optional but highly recommended) Full scan and prevention on your computers/laptops

It is no longer a matter of if, but rather when your organisation will become the target of a data breach. As the threat landscape continues to expand, more doors have opened for threat actors to explore and attack putting businesses at risk of unauthorised access and loss of critical data.

List Of Hackers Emails We Can Recover From

PHOBOS – EKING Ransomware Hackers List

List of Hackers Emails We Can Recover From but not only limited to the list below, so please reach out to us 24/7 by phone, email or webchat and we will be able to assist you

decphob@tuta.io
decphob@protonmail.com
holylolly@airmail.cc
digistart@protonmail.com
greed_001@aol.com
helpmedecoding@airmail.cc
Black_Wayne@protonmail.com
Decryptdatafiles@protonmail.com
supp0rt@cock.li
quickrecovery05@firemail.cc
tsec3x777@protonmail.com
DECRYPTUNKNOWN@Protonmail.com
gluttony_001@aol.com
recoryfile@tutanota.com
ICQ@fartwetsquirrel
jerjis@tuta.io
holylolly@airmail.cc
pride_001@aol.com
kabura@firemail.cc
r4ns0m@tutanota.com
contactjoke@cock.li
moon4x4@tutanota.com
hublle@protonmail.com
clearcom@protonmail.com
chinadecrypt@fasthelpassia.com
paymantsystem@cock.li
Hubble77@tutanota.com
savemyself1@tutanota.com
qirapoo@firemail.cc
yoursjollyroger@cock
raboly@firemail.cc
eight20@protonmail.com
divevecufa@firemail.cc
cyvedira@firemail.cc
filedec@tutanota.com
crioso@protonmail.com
eleezcry@tutanota.com
HELPUNKNOWN@Tutanota.com
decrypt20@vpn.tg
kubura@firemail.cc
rodrigos@keemail.me
chadmad@ctemplar.com
chadmad@nuke.africa
dataencrypted@tutanota.com
itambuler@protonmail.com
itambuler@tutanota.com
dcrptfile@protonmail.com
filesdecrypt@aol.com
davidshelper@protonmail.com
reynoldmuren@tutanota.com
dacowe@firemail.cc
dozusopo@tutanota.com
subik099@tutanota.com
subik099@cock.li
trizvani@aol.com
trizvani@tutanota.com
datashop@list.ru
wugenaxu@firemail.cc
databack@airmail.cc
databack@firemail.cc
moonlight101@tutanota.com
moonlight10@mail.ee
fata52@cock.li
fata54@cock.li
phobos2020@cock.li
phobos2020@tutanota.com
xiaolinghelper@firemail.cc
redsnow911@protonmail.com
surpaking@tutanota.com
surpakings@mail.ee
btcunlock@airmail.cc
btcunlock@firemail.cc
anticrypt2020@aol.com
wiruxa@airmail.cc
yongloun@tutanota.com
anygrishevich@yandex.ru
alonesalem@keemail.me
alonesalem@protonmail.com
encrypted60@tutanota.com
cifrado60@tutanota.com
rantime@tuta.io
ransomtime@cock.li
opticodbestbad@aol.com
opticodbestbad@mail.ee
unlockdata@firemail.cc
onlyway@secmail.pro
jobiden1942@protonmail.com
jonneydep@protonmail.com
forumsystem@cock.li
forumsystem@techmail.info
sdx-2020@tutanota.com
sdx-20200@protonmail.com
encryption2020@aol.com
grootp2@protonmail.com
noobt56@protonmail.com
decphob@tuta.io
dragon.save@aol.com
dragon.save@yahoo.com
dragon.save@aol.com
drgreen1@keemail.me
drgreen2@protonmail.com
decryption24h@criptext.com
decryption24h@elude.in
fastwind@mail.ee
fastwind2@protonmail.com
newera@ctemplar.com
newera@tfwno.gf
johnsonz@keemail.me
johnsonz@cock.lu
pandora9@tuta.io
happy@gytmail.com
ghosttm@zohomail.com
falcon360@cock.li
tebook12@protonmail.com
rody_218@protonmail.com
erichhartmann_main@protonmail.com
erichhartmann_reserve@tuta.io
files@restore.ws
covidv19@tutanota.com
dtramp@tuta.io
lexus@gytmail.com
decrypt20@stealth.tg
decrypt20@firemail.cc
dowendowxxx@privatemail.com
ransom1999@tutanota.com
ransom2000@tutanota.com
hellook@gytmail.com
1bmx1@tuta.io
ransomsophos@tutanota.com
dr.cryptor@secmail.pro
dr.cryptor@protonmail.com
lepuscrysupp@mail.ee
lepuscrysupp@cock.li
keydecryption@airmail.cc
5559912@firemail.cc
@helpsnow (Telegram)
and decphob on Sonar
ICQ@fartwetsquirrel
chinadecrypt@fasthelpassia.com
crioso@protonmail.com
dozusopo@tutanota.com
qirapoo@firemail.cc
unlockfile@firemail.cc
decphob@tuta.io
decphob@protonmail.com
JackKarter@gmx.com
Sacura889@tutanota.com
unlocker@criptext.com
gener888@tutanota.com
unlockfile@firemail.cc
unlocker@criptext.com

* List is currently being updated

Ransomware Statistics

A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)
1.5 million new phishing sites are created every month. (Source: webroot.com)
Ransomware attacks have increased by over 97% in the past two years. (Source: Phishme)
A total of 850.97 million ransomware infections were detected by the institute in 2018.
In 2019 ransomware from phishing emails increased 109% over 2017. (Source: PhishMe)
Ransomware generates over $25 million in revenue for hackers each year. (Source: Business Insider)
Fewer than 10% of organizations who pay the ransom received their data back. (Source: TrendMicro)
30% of customers infected by Ransomware had a second attack within 60 days
Global cybercrime damages predicted to cost $6 trillion by 2021,(Source: Kaspersky)

Other Ransomware Statistics:

63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
22% of small business breached by ransomware attacks in 2017 were so badly affected, they could not continue operating
30% phishing emails were opened and 12% clicked on infected links or attachments.
Source: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

Most ransomware infections occur due to weak security, target attacked or fraudulent emails trap leading victims into opening an attachment.

Should I Be Concerned About Ransomware?

Knowledge is power! – It is essential to understand the facts behind ransomware to better protect yourself

Ransomware occurs on a system due to weak security of some sort. If you are reading this you are properly a victim!

Here is some information you need to understand and take seriously

How is your system been comprised and infected with ransomware?

Cybercriminals will run a BOT (A bot is a form of an automated scan searching the interned for valurnerable network systems and attempt to comprise its security)
Once your system vulnerability has been identified, Hackers will buy the comprised list through underground websites
The ransomware hackers will use the details to comprise and infect your system with ransomware
Most often the BOT list is sold to multiple hackers

Have you removed the infected system from your network?

This is a common mistake!! – isolating the infected system from your network is 50% of the solution.
Hackers use group policy to distribute ransomware across your network and it remains undetected by most antivirus/malware software.
Ransomware time-bomb, backdoor and keyloogers often implemented on your network to allow hackers to gain access to your network especially if you pay the ransom.

Please be warned, once you have been infected, its emanate that you are very likely to get another attack.

We recommend a full security check on your network to identify the penetration point(s) and make sure adequate security is implemented prior to your data recovery

We offer ransomware prevention and ransomware recovery serivces parallel to ensure your files are recovered on ransomware risk free system without delaying the recovery of your files (our recovery and prevention team work parallel to ensure the prevention and recovery are done simultaneously)

Ask us about our Ransomware Prevention and Security Audit

Get A Quote Now Get A Quote Now

How To Protect Your Business From PHOBOS / EKING Ransomware

TIPS TO PROTECT YORU NETWORK FROM PHOBOS RANSOMWARE?

In order to protect yourself from the PHOBOS variant, or from any other ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.

You should also have security software (please talk to us about our recommendations) as most antivirus do not provide complete protection

Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:

Backup, Backup, Backup!
Do not open attachments if you do not know who sent them.
Restrict RDP access
Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs.
Update older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
Make sure you have a recommended security software installed.
Setup a password lockout
Use complex passwords and never reuse the same password at multiple sites. SUBMIT AN ONLINE CASE OR TALK TO OUR RANSOMWARE SPECIALIST TO ASSIST WITH RANSOMWARE PREVENTION Get A Quote Now Get A Quote Now

How Do I Know If My System Is Infected With PHOBOS RANSOMWARE?

IS YOUR SYSTEM INFECTED WITH PHOBOS RANSOMWARE?

If you are infected with the EKING ransomware, you most likely will experience some (or all of) the following:

Pop-up message advising you that your data has been encrypted and demanding that you pay a ransom.
Files won’t open.
Files have been renamed with a new extension added (EKING) and a contact hackers email address
Applications won’t open.
Antivirus software is disabled.
Computer system locked down.
Computer system running slowly.

Submit an online case or talk to our ransomware specialist to assist with EKING Ransomware recovery

Get A Quote Now Get A Quote Now

How Do You Deal With An Infected System?

Once you realize your system has been infected by PHOBOS Ransomware, remove your infected system from the network (do not shut down as you can cause further damage). Do not make any attempts to remove the ransomware yourself by running an antivirus program as this may also cause further damage to your files.

At this point, you should call in our Ransomware expert to access the situation and provide you with the best way forward.

EKING Ransomware Deep Analysis - PHOBOS Ransomware variant

The Phobos ransomware family is fairly common ransomware and has been spotted in early 2019.

Phobos and its all its variant are a part of the Dharma/Crysis ransomware.

It has continued to push out new variants and evolve attack methods, but also frequently change the extension name of encrypted files in past variants.

Phobos victims have often complained that they were cheated by the attacker of Phobos by not restoring files.

What does Phobos ransomware does to a network?

Entry Point
Phobos has 24 known entry points and if you are reading this, you most likely a victim of phobos ransomware
Execution
Once the payloader has been executed a second (two step) process is executed
The first group of commands are listed below with my added comments:vssadmin delete shadows /all /quiet   – Deletes all of the volume’s shadow copies.
wmic shadowcopy delete  – Deletes shadow copies from local computer.
bcdedit /set {default} bootstatuspolicy ignoreallfailures
bcdedit /set {default} recoveryenabled no – Disables the automatic startup repair feature.
wbadmin delete catalog –quiet  – Deletes the backup catalog.
exitBy deleting the shadow copies that the Windows system makes for system restore, the victim is not able to use it to restore the encrypted files. It also prevents the victim from restoring files from an automatic startup repair or from a backup catalog.The commands of the second group turn off the Windows Firewall on the infected system, as shown below.netsh advfirewall set currentprofile state off – For Windows 7 and later versions.
netsh firewall set opmode mode=disable – For Windows XP, Windows 2003 versions.
exit
3. Adding Auto run items

The malware decrypts the string “Software\Microsoft\Windows\CurrentVersion\Run” (index number is 0x11), which is the registry subkey path, from the encrypted configuration block. It then creates an auto-run item to the same subkey of both root keys, HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. The screenshot of the added auto-run item under the root key “HKEY_CURRENT_USER”.

Figure 4.1. Added auto-run item “cs5”

Other than adding this item into the auto-run group in the system registry, it also copies “cs5.exe” into two auto startup folders: “%AppData%\Microsoft\Windows\Start Menu\Programs\Startup” and “%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup”. Figure 4.2 shows the ASM code snippet of copying “cs5.exe” into the two start-up folders.

See What our Clients Say about Us

View our Client's Written Testimonial

Our company has been recently hit with a ransomware attack, after doing some researched I got in touch with FDR to see if they can assist with our ransomware issues. After having our initial discussion with FDR, we immediately engaged them because of their responsiveness and extensive information on encrypted files. FDR did an analysis of our server and gave us a guarantee that they can de-encrypt our files and we were not disappointed. FDR delivered our de-encrypted files with exceptional professionalism and within 48 hours. I am proud to say we got back 100% of our files and can recommend FDR to solve any of your ransomware issues.

Prudecon Limited

Director

View our Client's Written Testimonial

“Fast Data Recovery is very professional in handling our matter. The team responds very quickly and patiently explains what we need to do to resolve the issues. Not only that, they are able to solve our issues where no other company can. I highly recommend their services.”

Greenhope

Indonesi

View our Client's Written Testimonial

From the first phone call from the customer and my arrival on site, I knew that the Crypto virus had caused carnage beyond repair. We were talking months of data and backup infected. I did some research on paying the ransom and decided instead to make contact with FDR. I paid the initial consult and got a quote on restoration.. I must say that although the price was more than I anticipated, the speed of delivery, the promise, and the work ethic are second to none. They recovered 100% of the data within the time frame meaning my customer to get back to business.

Glue IT

Penrith NSW

View our Client's Written Testimonial

A few partial successes later, the big breakthrough happened on Wednesday evening and all the files started to decrypt. 1.2 million files and 24 hours later, I am utterly speechless and have nothing but love and gratitude for the team who worked around the clock to help me get back irreplaceable. The appreciation and sense of how I feel really cannot be put into words. Your heart sinks, everything turns dark, and these guys come to the rescue.

REALGM

Best NBA News and Blogs

View our Client's Written Testimonial

I am writing this testimonial as to the success of recovery of our data that have been encrypted with ransomware. We had 7 different keys codes that had locked our accounting, production, banking, R&D data, and our past history for the last 15 years. The encryption ransomware had also affected our two external backups and one internal so the process was extremely frustrating.

QFM

Automotive spare parts – QLD

View our Client's Written Testimonial

It is with great enthusiasm that we can strongly recommend FAST Data Recovery for their utmost expertise, proficiency and professionalism. They are absolute experts in their field. We could only wish for a similar company in South-Africa! We are highly appreciative of what they have done for Sautech, and salute them for their services!

SauTech

Data Centre / VPS hosting

Get Ransomware Help Now!

We offer worldwide support with 24/7 customer service & recovery.
Here are some ways to contact us.

Talk to an Expert

chat with a ransomware specialist for free to recover your data now!

+1-888-278-8482

Get Help Now

We are waiting to help you and your business – so don’t hesitate to reach out!

Get A Quote Now Get A Quote Now