PHOBOS Ransomware Extensions
PHOBOS Ransomware is almost identical to Dharma Ransomware. Recently we are seeing a lot more PHOBOS infections.
This family of ransomware releases a new variant frequently (weekly), some of the latest PHOBOS Ranswomare includes:
1500dollars – Released 5/7/19
ACTOR – Released 19/7/19
ACTIN RANSOMWARE (Released 24th May 2019)
ADAGE – Released 21/6/19
Adame – Released 19/7/19
FRENDI RANSOMWARE
PHOBOS RANSOMWARE
PHONEIX RANSOMWARE
MAMBA – Released 17/5/19
WALLET – Released 5/7/19
DEWAR – Released Oct 20
EIGHT – Released Dec 20
Elder – Released November 19, 2020
Devon – Released August 14, 2020
Caleb – Released August 4, 2020
Dever – Released August 31, 2020
Barak – Released Dec 16, 2020
Deuce – Released Aug 4, 2020
Banjo – Released Jan 15, 2021
Deal – Released Aug 5, 2020
Devil – Released Jan 13, 2021
Ideal – Released Sep 17, 2020
Devos – Released Jan 11, 2021
DLL – Released Dec 29, 2020
Caley – Released Sep 10, 2020
Eject – Released Sep 22, 2020
Help – Released Aug 5, 2020 Update 4 Dec, 2018
.com – Released Nov 16, 2020
Calix – Released Nov 13, 2020
Moneta – Released Dec 23, 2020
Eking – Released Jan 22, 2021
Google – Released Aug 19, 2020
DEVOS Ransomware
We are 100% successful in helping thousands of customers recover from Devos ransomware variants. All our work is guaranteed or your money back
Devos Ransomware is part of the Phobos Ransomware family and amends an ID to every file. For example File.PDF will be renamed to File.pdf.id[1E857D00-2654].[qq1935@mail.fr].Devos
Devos provides victims with two ransom messages: one in a pop-up window (“info.hta” file) and another in a text file named “info.txt“.
The Devos Ransomware will drop text ransomware demanding note on the victim’s server named “info.txt” and another pop-up window (“info.hta” file)
The “info.txt” file contains one of the many devos email addresses (qq1935@mail.fr) that should be used to contact the cybercriminals who designed Devos. The “info.hta” window contains a more detailed ransom message, which states that the email must include the appointed ID and can contain up to five attachments (encrypted files) that cybercriminals will decrypt free of charge.
Devos Ransomware was released in January 2021
Its highly recommended not to rename encrypted files or attempting to decrypt them with other software WILL cause permanent data loss. It’s best to disconnect your network cables from all the computers and servers (regardless if they are infected or not as the backers most likely installed a backdoor to access all the computers on your network before they encrypt your data)
Most Antiviruses will not protect from Devos Ransomware or the hackers will terminate the antivirus detection to avoid detection.
Based on VirusTotal, Devos Ransomware is detected as Avast (Win32:Malware-gen), BitDefender (Trojan.Ransom.Phobos.F), ESET-NOD32 (Win32/Filecoder.Phobos.C), Kaspersky (HEUR:Trojan.Win32.Generic)
Don’t Panic! – Most of the files are recovered within 48 hours with a 100% success rate.
EIGHT Ransomware
We are 100% successful in helping thousands of customers recover from EIGHT ransomware variants. All our work is guaranteed or your money back
EIGHT Ransomware is part of the Phobos Ransomware family and amends an ID to every file. For example File.PDF will be renamed to File.pdf.id[1E857D00-2776].[ use_harrd@protonmail.com].EIGHT
EIGHT provides victims with two ransom messages: one in a pop-up window (“info.hta” file) and another in a text file named “info.txt“.
The EIGHT Ransomware will drop text ransomware demanding note on the victims’ server named “info.txt” and another pop-up window (“info.hta” file)
The “info.txt” file contains one of the many EIGHT email addresses (use_harrd@protonmail.com) that should be used to contact the cybercriminals who designed EIGHT. The “info.hta” window contains a more detailed ransom message, which states that the email must include the appointed ID and can contain up to five attachments (encrypted files) that cybercriminals will decrypt free of charge.
EIGHT Ransomware was released in December 2020
It’s highly recommended not to rename encrypted files or attempting to decrypt them with other software WILL cause permanent data loss. It’s best to disconnect your network cables from all the computers and servers (regardless if they are infected or not as the backers most likely installed a backdoor to access all the computers on your network before they encrypt your data)
Most Antiviruses will not protect from EIGHT Ransomware or the hackers will terminate the antivirus detection to avoid detection.
Based on VirusTotal, EIGHT Ransomware is detected as Avast (Win32:Malware-gen), BitDefender (Gen:Variant.Ulise.99735), ESET-NOD32 (A Variant Of Win32/Filecoder.Phobos.C), Kaspersky (HEUR:Trojan.Win32.Generic), Full List Of Detections
Don’t Panic! – 98% of all PHOBOS/EIGHT Ransomware cases are recovered within 48 hours and we offer a No Data No Charge policy
EKING Ransomware
We are 100% successful in helping thousands of customers recover from EKING Ransomware variant of the Phobos family. All our work is guaranteed or your money back
EKING Ransomware is part of the Phobos Ransomware family and amends an ID to every file. For example File.PDF will be renamed to File.pdf.id[1E857D00-2771].[ decphob@tuta.io].EKING
EKING provides victims with two ransom messages: one in a pop-up window (“info.hta” file) and another in a text file named “info.txt“.
The EKING Ransomware will drop text ransomware demanding note on the victims’ server named “info.txt” and another pop-up window (“info.hta” file)
The “info.txt” file contains one of the many EKING email addresses (decphob@tuta.io) that should be used to contact the cybercriminals who designed EKING. The “info.hta” window contains a more detailed ransom message, which states that the email must include the appointed ID and can contain up to five attachments (encrypted files) that cybercriminals will decrypt free of charge.
EKING Ransomware was released in January 2021
It’s highly recommended not to rename encrypted files or attempting to decrypt them with other software WILL cause permanent data loss. It’s best to disconnect your network cables from all the computers and servers (regardless if they are infected or not as the backers most likely installed a backdoor to access all the computers on your network before they encrypt your data)
Most Antiviruses will not protect from EKING Ransomware or the hackers will terminate the antivirus detection to avoid detection.
Based on VirusTotal, EKING Ransomware is detected as Avast (Win32:PWSX-gen [Trj]), BitDefender (Trojan.GenericKD.33855769), ESET-NOD32 (A Variant Of MSIL/GenKryptik.EKSC), Kaspersky (HEUR:Trojan-PSW.MSIL.Agensla.gen),
Don’t Panic! – 98% of all PHOBOS/EKING Ransomware cases are recovered within 48 hours and we offer a No Data No Charge policy
ELDER Ransomware
We are 100% successful in helping thousands of customers recover from ELDER Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Elder is malicious software belonging to the Phobos ransomware family. It is designed to encrypt data and keep it inaccessible until a ransom is paid (i.e., decryption software/tool is purchased). When Elder encrypts data, it renames files with the victim’s unique ID number, developer’s email address, and the “.elder” extension. For example, “1.jpg” becomes “1.jpg.id[1E857D00-2397].[stocklock@airmail.cc].elder” and so on for all affected files. Once this process is complete, Elder stores two files on the desktop (“info.hta” and “info.txt“), which contain the ransom messages.
The text file (“info.txt“) informs users that their data has been encrypted and, to decrypt it, they must contact the cybercriminals behind Elder. This file contains two email addresses for that purpose. The HTML application (“info.hta“), which opens a pop-up window, holds a detailed ransom message. It states that the email that victims send to the criminals must include their unique ID number (generated for each attack individually) in the title/subject of the message. If there is no response from Elder developers within 24 hours, users are urged to use the alternative email address. The ransom must be paid in the Bitcoin cryptocurrency, and the size of this ransom will depend on how quickly victims make contact. To ‘prove’ their ability to recover data, the cybercriminals offer to decrypt up to five files free of charge. The files will be decrypted, as long as their total size is no greater than 4 MB (non-archived) and they do not contain ‘valuable information’ such as databases, backups, large excel sheets, etc. The message provides instructions about how to obtain Bitcoins and lists actions victims should not take. Users are warned that if they rename files or attempt to decrypt them with third-party software, they risk permanent data damage. Unfortunately, this is accurate: ransomware-type programs use strong encryptions, which can only be decrypted with the software initially used to encrypt it. Despite this, you are advised against communicating with any cyber criminals or meeting their demands. Even after payments are made, users receive none of the promised tools, thereby leaving their data permanently damaged. Removing this malicious program will not restore affected files (they will remain encrypted), but will prevent Elder from further data encryption. The only solution is to restore the compromised data from a backup, provided one was made prior to the infection and stored separately.
Don’t Panic! – 98% of all PHOBOS/ELDER Ransomware cases are recovered within 48 hours and we offer a No Data No Charge policy.
DEVON Ransomware
We are 100% successful in helping thousands of customers recover from DEVON Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Belonging to the Crisis/Dharma malware family, Devon is a ransomware infection. This malicious program encrypts data and demands payment for decryption. When encryption is underway, files are renamed with a unique ID, the developer’s email address and “.Devon” extension. For example, a filename like “1.jpg” might appear as something similar to “1.jpg.id[1E857D00-2609].[decryptfiles@qq.com].Devon“, and so on for all affected files. Once this process is complete, Devon malware stored the “info.hta” and “info.txt” files on the desktop. Both the HTML application and text file contain ransom messages. Updated variants of this ransomware use “.[cyberdyne@foxmail.com].Devon“, “.[decryption_help@protonmail.com].Devon“, “.[suppdecrypt@cock.li].Devon“, “.[Unlock1@cock.li].Devon“, “.[admindevon@cock.li].devon” and “.[celine_denny@aol.com].Devon” extensions for encrypted files.
The text file (“info.txt”) informs victims that their data has been encrypted and, to recover it, they must establish contact with the cybercriminals behind the infection. This message lists their email address and instructs users that if there is no response from the criminals via email, they can use the Jabber client messaging platform to initiate communication. The ransom demand message within the “info.hta” pop-up window goes into more detail. It states that the victims’ emails must include their unique IDs in the title/subject field. The message also reiterates that the alternative method of communication is through Jabber client. Detailed instructions about how to download/install and create an account on this platform are provided. To recover their files, users are to pay a certain sum for decryption tools/software. The size of the ransom is unspecified but is supposedly dependent on how quickly victims contact the developers of Devon. Payment must be made in the Bitcoin cryptocurrency (there are also links detailing how to and from where to acquire Bitcoins). As ‘proof’ that recovery is possible, up to five files can be sent free of charge for decryption. The total size of these test files cannot exceed 4 MB (non-archived) and they cannot contain valuable information (e.g. databases, backups, large excel sheets, etc.). Users are warned not to rename encrypted files or attempt decryption with third-party software – this can lead to permanent data loss. Without the involvement of the individuals responsible for the infection, decryption is usually impossible unless the ransomware in question is still in development and/or has flaws/bugs. Regardless, you are strongly advised against meeting the demands of cybercriminals. Despite paying, victims often receive none of the promised decryption tools/software. Therefore, their data remains encrypted and useless. To prevent further encryption by Devon, it must be removed from the operating system, however, removal will not restore already affected files. The only viable solution is to recover data from a backup if one was made prior to the infection and was stored in a different location.
ADAGE Ransomware
We are 100% successful in helping thousands of customers recover from ADAGE Ransomware variant of the Phobos family. All our work is guaranteed or your money back
First discovered by malware researcher, Raby, Adage is yet another variant of high-risk ransomware called Phobos. This malware is designed to stealthily infiltrate computers and encrypt most stored files, thereby rendering them unusable. Additionally, Adage renames each file by appending the victim’s unique ID, developer’s email address, and “.adage” extension. For example, “sample.jpg” might be renamed to a filename such as “sample.jpg.id[1E857D00-2250].[wewillhelpyou@qq.com].adage“. Once encryption is complete, Adage generates and automatically runs an HTML application (“info.hta“), and also creates a text file (“info.txt“). Both files are stored on the victim’s desktop.
The new text file contains a short message informing victims of the current situation and encourages them to contact Adage’s developers if they wish to restore their files. The HTML application (which displays a pop-up window) provides much more detail. The pop-up states that, to decrypt data, victims must pay a ransom using the Bitcoin cryptocurrency. The cost is not specified, however, ransoms usually fluctuate between $500 and $1500. Developers also attempt to ‘prove’ that they are capable of restoring data and gain victims’ trust by offering free decryption of five files (up to 10 MB in total, non-archived). These files cannot contain “important information” (such as backups, databases, excel sheets, etc.) and victims must attach them to the initial email. No matter what the cost, do not pay. Research shows that cybercriminals often ignore victims once payments are submitted. They do not help victims to restore their data. Thus, paying delivers no positive result. Ignore all statements encouraging you to contact these people and certainly do not pay any ransoms. Unfortunately, Adage is undecryptable ransomware and there are no tools capable of cracking the encryption and restoring data free of charge. The only solution is to restore everything from a backup.
DEWAR Ransomware
We are 100% successful in helping thousands of customers recover from DEWAR Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Dewar is a malicious program belonging to the Phobos ransomware family. Systems infected with this malware have their data encrypted and users receive ransom demands for decryption. During the encryption process, all affected files are renamed according to the following pattern: original filename, unique ID, developer’s email address and the “.dewar” extension. For example, a file like “1.jpg” would appear as something similar to “1.jpg.id[1E857D00-2718].[kryzikrut@airmail.cc].dewar“.
The text file states that the victims’ data has been encrypted. To get further instructions about how to decrypt it, they must establish contact with the cybercriminals behind the infection via email, Telegram or Jabber instant messaging platforms. The ransom message in the pop-up window (“info.hta”) provides more information. This message repeats the initial statement concerning file encryption and adds that, when initiating contact with the ransomware developers, users must include their IDs (found in the pop-up and filenames of each encrypted file). While the size of the ransom is not specified (this will depend on how quickly contact is established), victims are informed that it must be paid in the Bitcoin cryptocurrency. Links are provided for how and from where to acquire Bitcoins. Users are warned that renaming compromised files or attempting decryption with third-party tools/software can result in permanent data loss. Prior to making payment, victims can test decryption by sending up to five encrypted files. The size of these test files cannot exceed 4 MB in total. Additionally, they must not be archived or contain valuable information (e.g. databases, backups, large excel sheets, etc.). Lengthy instructions are provided on how to install and create an account in Jabber (Pidgin instant messaging client). Should these directions be confusing, the message suggests searching installation tutorials on YouTube. Unfortunately, in most cases of ransomware infections, decryption is impossible without the involvement of the criminals responsible, unless the malware in question is still in development or has bugs/flaws. Whatever the case, you are strongly advised against paying cybercriminals. Despite meeting the ransom demands, victims do not receive the promised decryption tools/software. Therefore, their data remains encrypted and useless, and they also experience a significant financial loss. To prevent Dewar from further encryption, it must be removed from the operating system, however, removal will not restore already affected files. The only viable solution is recovering data from a backup if one was created before the infection and was stored in a different location.
DEVIL Ransomware
We are 100% successful in helping thousands of customers recover from DEVIL Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Devil is a part of Phobos, a family of ransomware-type programs. It renames encrypted files by appending the victim’s ID, developer’s email address and “.devil” extension to filenames. For example, a file such as “1.jpg” is renamed to a filename such as “1.jpg.id[1E857D00-2574].[decrypt4data@protonmail.com].devil“, and so on. Like most programs of this type, Devil provides victims with instructions about how to contact the developers and decrypt files. In this case, it creates the “info.txt” file and displays a pop-up window (info.hta).
The pop-up window states that Devil encrypts all files and that they cannot be decrypted without a decryption tool and/or key, which can be purchased from the developers. Instructions about how to purchase the tool/key can be obtained by sending an email to decrypt4data@protonmail.com. It is stated that the cost of decryption depends on how quickly victims contact cybercriminals. Devil’s developers promise to send a decryption tool after payment. They also offer free decryption of five files, which can be sent to them via the email address provided. The files cannot exceed 4 MB or contain valuable information. It is also stated that renaming or trying to decrypt files with other software might cause permanent data loss and/or increase the cost of decryption. Unfortunately, there are currently no other free tools able to decrypt files compromised by Devil. Despite this, do not trust these or other cybercriminals (ransomware developers). They send no decryption tools/keys even if victims meet all demands and pay the ransoms. The only way to recover files without having to pay a ransom (and risking being scammed) is to restore them from a backup. Files remain encrypted even if ransomware is uninstalled/removed from the operating system – removal simply prevents further data loss (encryption).
BARAK Ransomware
We are 100% successful in helping thousands of customers recover from BARAK Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Barak is a malicious program belonging to the Phobos ransomware family. It operates by encrypting data and demanding payment for decryption tools/software. During the encryption process, files are renamed with the following pattern: original filename, unique ID, cyber criminals’ email address and the “.Barak” extension. For example, a file such as “1.jpg” would appear as “1.jpg.id[1E857D00-2378].[smithhelp@mail.ee].Barak“, and so on for all of the affected files. After this process is finished, ransom messages (“info.hta” and “info.txt“) are created on the desktop. Updated variants of this ransomware use the “.[propixt@cock.li].Barak” and “.[torhelp@mail.ee].Barak” extensions for encrypted files.
The text file (“info.txt“) states that all of the victims’ data has been encrypted. To decrypt their files, users are to establish contact with the cybercriminals behind Barak ransomware via email. The ransom message in the pop-up window (“info.hta“) adds that the victims’ emails must include the ID assigned to them in the message subject field. According to the message, the only way to recover the encrypted data is to purchase decryption tools/software from the criminals. The cost of these tools will depend on how quickly communication is initiated. While the size of the ransom is not specified, it is stated that it must be paid in the Bitcoin cryptocurrency. Prior to payment, users can send up to five encrypted files to test decryption. The total size of these files cannot exceed 4 MB (non-archived) and they must not contain valuable information (e.g. databases, backups, large excel sheets, etc.). This message ends with warnings, alerting users that renaming the encrypted files or attempting to decrypt them with third party software can result in permanent data loss. In most cases of ransomware infections, decryption is impossible without the involvement of the cybercriminals responsible, unless the malware in question is in development and/or has significant bugs/flaws. Regardless, you are strongly advised against meeting the ransom demands. Despite paying, victims do not receive the promised decryption tools/software. Therefore, their data remains encrypted and they also experience a financial loss. Removing the Barak malicious program will prevent it from further encryption, however, it will not restore already compromised files. The only solution is to recover data from a backup if one was made before the infection and was stored in a different location.
BANJO Ransomware
We are 100% successful in helping thousands of customers recover from BANJO Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Banjo is one of the malicious programs that belong to the ransomware family called Phobos. Like most programs of this type, Banjo is designed to encrypt files, modify their filenames and provide instructions on how to contact its developers. It renames files by adding victim’s ID, the mutud@airmail.cc email address and appending the “.banjo” extension. For example, it renames a file named “1.jpg” to “1.jpg.id[C279F237-3069].[mutud@airmail.cc].banjo“, “2.jpg” to “2.jpg.id[C279F237-3069].[mutud@airmail.cc].banjo“, and so on. Banjo provides instructions on how to contact its developers in a pop-up window and “info.txt” text file.
As written in Banjo’s ransom notes (“info.hta” and “info.txt” files), victims can receive instructions on how to buy a decryption tool by writing an email to mutud@airmail.cc or krasume@tutanota.com, or contacting the user named @krasume on Telegram. It is stated that the price of a decryption tool depends on how fast victims will contact Banjo’s developers. Additionally, before making a payment victims are offered to send up to 5 files (that do not contain any valuable information) for free decryption. As a rule, cybercriminals behind ransomware attack are the only ones who can provide the right decryption tools. Unfortunately, there are no third-party tools that can decrypt files that are encrypted by Banjo as well. Therefore, in this case, the only way to recover files for free is to restore them from a backup. It is strongly recommended not to pay Banjo’s developers for decryption too, it is very likely that they will not send even after payment. It is worthwhile to mention that if the installed ransomware-type program has not encrypted all files, then unencrypted files can be prevented from being encrypted by uninstalling that malicious program from the operating system. However, files that are already encrypted remain inaccessible even after its uninstallation.
DEVER Ransomware
We are 100% successful in helping thousands of customers recover from DEVER Ransomware variant of the Phobos family. All our work is guaranteed or your money back
Belonging to the Phobos malware family, Dever is a ransomware-type malicious program. Infected devices have their data encrypted and a ransom is demanded from the victims for decryption software/tools. When Dever encrypts files, it renames them according to the following pattern: unique ID, developer’s email address (there are several addresses used the cybercriminals behind this infection, and thus there is more than one variant in the altered filenames), and appends them with the “.Dever” extension. For example, a file like “1.jpg” might appear as something similar to “1.jpg.id[1E857D00-2544].[lizethroyal@aol.com].Dever” following encryption. Once this process is complete, a text file (“info.txt“) and an HTML application (“info.hta“) are created on the desktop.
The text file informs victims that their data has been encrypted and, if they wish to restore it, they must contact the developers of Dever ransomware through the email addresses provided. The HTML application pop-up window contains a more detailed ransom message. It clarifies that the email’s subject/title must include the user’s ID (generated individually for each victim and located both in the message and filenames of affected files). If the cybercriminals do not respond within 24 hours, victims are urged to use the alternative email address. The cost of decryption tools/software will depend on how quickly users establish contact. The ransom must be paid in the Bitcoin cryptocurrency (the message also lists web links detailing how to and from where to obtain Bitcoins). As a ‘guarantee’ that recovery is possible, the criminals offer to decrypt up to five files free of charge. The total size of these files cannot exceed 4 MB (non-archived) and they cannot contain valuable information, such as databases, backups, large excel sheets or similar. Users are warned that renaming compromised files and/or attempting to decrypt them with third-party programs can lead to permanent data loss. In most cases of ransomware infections, manual decryption (i.e. without the involvement of the individuals responsible) is impossible, unless the malicious software in question has bugs/flaws or is still in development. Regardless, you are strongly advised against communicating with and/or meeting the demands of cybercriminals – they cannot be trusted. Despite paying, victims often do not receive the promised decryption software/tools. Therefore, their data remains encrypted and useless. To prevent Dever from further encryption it must be eliminated from the system. Unfortunately, removal will not restore already encrypted data. Files can be recovered from a backup if one was made prior to the infection and was stored in a different location.
DLL Ransomware
We are 100% successful in helping thousands of customers recover from DLL Ransomware variant of the Phobos family. All our work is guaranteed or your money back
DLL is the name of a malicious program, belonging to the Phobos ransomware family. This malware’s discovery is credited to Luigi Martire. This ransomware operates by encrypting data and demanding payment for the decryption tools. During the encryption process, files are renamed according to this pattern: original filename, a unique ID assigned to the victim, cyber criminals’ email address and the “.DLL” extension (not the be confused with the extension of Dynamic Link Library files). For example, a file originally named “1.jpg” would appear as something similar to “1.jpg.id[C279F237-2989].[technopc@tuta.io].DLL” – following encryption. After this process is complete, ransom notes are created in a pop-up window (“info.hta“) and “info.txt” text file.
The message in “info.txt” informs victims that their data has been encrypted. To recover their files, users are told to write to the provided email address. Should no response arrive within 24 hours, they are to write to the secondary mail address. The “info.hta” (pop-up) provides slightly more information concerning the ransomware infection. It states that victims’ emails must contain the ID assigned to them. This ransom note also clarifies that users will have to pay for the decryption. The size of the ransom will depend on how quickly victims establish contact with the cybercriminals. Furthermore, the payment will have to be made in Bitcoin cryptocurrency (the message also contains links to websites detailing how to and from where to purchase Bitcoins). Prior to paying the ransom, users can test decryption by sending up to five encrypted files to the criminals. Provided if the total file size does not exceed 4 MB (non-archived) and they do not contain valuable information (e.g. databases, backups, large excel sheets, etc.) – the files will be decrypted and sent back. The message in the pop-up window is concluded with warnings. Users are alerted that renaming the encrypted files and/or attempting to decrypt them with third-party tools/software – may result in permanent data loss (i.e. render the files undecryptable). In many cases of ransomware infections, decryption is impossible – without the interference of the individuals responsible for the attack. Recovery might be possible if the malicious program has significant bugs (flaws) and/or is still in development. Regardless of the circumstances, it is expressly advised against communicating with and/or meeting the demand of cybercriminals. Since often, despite paying – victims do not receive the promised decryption tools/software. Hence, they experience financial loss and their data remains inaccessible and worthless. To prevent DLL (Phobos) ransomware from further encryptions, it must be removed from the operating system. Unfortunately, removal will not restore already affected files. The only solution is recovering them from a backup if one was created before the infection and was stored in a different location.
Fast Data Recovery guarantee full recovery from all types of PHOBOS and our work is guaranteed.
