Recovery & Decryption
Are your files encrypted by Phobos Ransomware and you need data recovery from Phobos?
If yes, then it is a company-wide encryption. Learn more about the Phobos ransomware, its decryption, recovery, removal and statistics.
Our Ransomware data recovery experts can help your business recover your files fast.
All our Ransomware Decryption process is performed remotely and we can schedule a consultation call with your team to assess the damage done to your files.
When your files are unable to open, your databases are not working any more and you get a notice demanding a ransom payment in order to unlock your files, then you are probably a victim of a ransomware attack.
Phobos Ransomware was firstly detected in October 2017, and its a new ransomware virus family that is related to Dharma Ransomware.
This ransomware strain uses AES 256-bit encryption, thus making it almost impossible to decrypt your files using a free decryptor tool.
These are the symptomps and indications that show you that you have been infected by Phobos Ransomware:
Phobos team is using is using the following extentions to encrypt files:
All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail lockhelp@qq.com Write this ID in the title of your message 000QQQ If there is no response from our mail, you can install the Jabber client and write to us in support of lockhelp@xmpp.jp You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/
!!! All your data is encrypted !!! To decrypt them send email to this address: lockhelp@qq.com If there is no response from our mail, you can install the Jabber client and write to us in support of lockhelp@xmpp.jp
Sometimes ransomware operators do not leave any ransomware note.
In such cases the contact name of the operator is on the actual files.
When analysing the file names we can see that you can find a unique identifier for each encryption source plus the operator ID.
Its very important to enumerate all IDs when dealing with the ransomware attack.
An example is this: instroctions_For_clients.docx.id[BAF3BBED-2822].[lyontrevor@aol.com].eight
Unfortunately Phobos Ransomware Operators in generic are one of the worst group when examining reliability.
Operators according to our experience do not have a good reputation in general.
Also we have seen cases that the operators take your money and go away.
Some attackers have a good reputation for providing working Phobos decryptors. Others are known as scammers and will never provide a decryption tool.
Unfortunately, hackers will receive the ransom payment and get away with it, leaving the victim in cold waters.
First of all don’t panic, since we have many options to help you.
If you do not understand what a Ransomware Virus is, you should read our dedicated section on What is Ransomware.
Please read our instructions carefully: