Phobos Ransomware

Have you been attacked by Phobos Ransomware?
We help you with ransomware removal and data recovery.

Call us first at (305) 680 7194 or chat with us.
One of our expert consultants will provide free incident response recommendations and explain our guaranteed recovery solution.

We recover information lost to Phobos Ransomware

“We were contacted by a partner of ours, who was helping to manage the contingency of a PHOBOS ransomware attack suffered by a non-profit organization in Texas with more than 2 servers affected as well as backups. SQL databases were encrypted as well. The attack had been detected earlier that Monday and had already affected operations and sensitive databases. Our expert cryptography engineer ran our diagnostic and forensic analysis process for this client. It was a Phobos-type ransomware with over-encryption and more than 4 different encryption keys affecting the NAS server. We managed to recover all affected servers and backups in 3 days.”
Testimonial: “Thanks for your great help. Our lawyers recommended us to contact someone and negotiate with hackers but we would never do that. Thanks to you guys, we are operating normally again.”

“A medical company in California contacted us after suffering a MAKOP ransomware attack that affected their operations, forcing them to do accounting and patient management on paper. Their last backup was more than 6 months old. Due to the sensitive data of patients, they contacted us to help them recover their patient information and accounting system. We ran our diagnostic process and 1 day after we presented our guaranteed recovery solution and cost estimate. The client hired our services and after 4 days we had recovered all 3 servers and the client was able to restore systems and resume operations.”

Testimonial: “I just sent your number to a colleague of ours who needs your recovery services. I told him you did magic for me. Thank you”

“A health insurance service provider in Florida contacted us after suffering a ransomware attack related to a LOCKXXX ransomware variant. They had 3 servers affected and tried to recover one critical server with DMDE unsuccessfully (TIP: do not try to use conventional recovery tools to solve a ransomware encryption). Our forensics team accessed remotely using AnyDesk software, did cleanup work, and 24 hours after we presented the client our guaranteed recovery proposal with cost estimate. We found 3 different encryption vectors in different servers and disk partitions. It was possible to decrypt 100% of the information in 3 days. The data was recovered with the same structure and integrity as before the attack.”
Testimonial: “Hi Juan, after inspecting the servers you recovered, it looks like all of the databases and files are good! Thank you so much. We had paid the hackers and got a second extortion demand. Thanks again for your support and help.”

Phobos ransomware descends from the older “CrySiS” family, a medium-complexity crypto virus whose encryption patterns can vary considerably from sample to sample. It shares much of its structure with the well-known “Dharma” ransomware and is usually aimed at small and medium-sized businesses.

Origin of Phobos Ransomware

Encryption type: AES-256 & RSA-2048
Ransomware type: RaaS (Ransomware-as-a-Service)
Countries of origin: Russia, China
Threat type: Crypto virus, cyber locker
Infection methods: Phishing and torrents
Our Decryption Process

ISOLATE THE INFORMATION

Disconnect all affected information from the network and completely avoid contact with cybercriminals.

FREE EVALUATION

Contact us so we can review your case and advise you on your specific situation.

DEEP ANALYSIS

Our experts will perform a forensic analysis where we evaluate the complexity of the case.

DECRYPTION

Through forensic engineering and cryptography methods, we generate a decryptor to decrypt the information.

Frequently Asked Questions

HOW WAS MY INFORMATION ENCRYPTED?

There are different ways in which these attacks can happen. The most common is social engineering: through various mechanisms the attackers impersonate an employee and, with that identity, obtain the employee's credentials for the different systems. There are also technical entry points such as RDP attacks, phishing emails, malware, and vulnerabilities in various software, among others.

WHAT HAPPENS IF I PAY THE EXTORTION?

According to studies, only 8% of companies manage to recover all their information after paying the extortion. Apart from this, depending on the legislation of the country where the company is located, paying the ransom may even be illegal, since it funds criminal groups. Our recommendation is never to pay, and not even to contact the cybercriminals, as they can complicate the case to pressure you into paying.

HOW CAN I AVOID THE CASE GETTING COMPLICATED?

First, disconnect the compromised computers from the network immediately. Next, make backup copies of the computers that have not been affected, change the passwords for every type of access, and remove any unknown user account detected in the different systems. After that, we recommend requesting an IP change from your internet provider and checking whether backup copies exist from which the affected systems can be restored.
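The "remove any unknown user" step above goes faster with a first-pass triage of the Security event log. The script below is an added example for this page, not tooling from the recovery service: it takes event records in the shape of a Windows Security log export (4720 = user account created, 4624 = logon, logon type 10 = RDP) and flags accounts created shortly before the attack was noticed plus RDP sessions from outside the internal address ranges. The event records, the known-account list and the internal ranges are constructed sample data and would be replaced with the real export.

```python
"""Incident triage helper: flag recently created accounts and external RDP
logons in exported Windows Security events.  Example code added to this page;
all sample data below is constructed."""
from datetime import datetime, timedelta
import ipaddress

# Constructed sample events, fields modelled on a Security log export.
# 4720 = user account created, 4624 = successful logon (LogonType 10 = RDP).
SAMPLE_EVENTS = [
    {"time": "2024-05-06T02:14:00", "id": 4720, "target": "svc_backup2",
     "actor": "Administrator", "ip": None, "logon_type": None},
    {"time": "2024-05-06T02:15:30", "id": 4624, "target": "svc_backup2",
     "actor": None, "ip": "203.0.113.45", "logon_type": 10},
    {"time": "2024-05-03T09:00:00", "id": 4624, "target": "jsmith",
     "actor": None, "ip": "10.0.0.21", "logon_type": 10},
    {"time": "2024-04-01T08:00:00", "id": 4720, "target": "jsmith",
     "actor": "Administrator", "ip": None, "logon_type": None},
]

# Assumed: the organisation's list of legitimate accounts and internal networks.
KNOWN_ACCOUNTS = {"Administrator", "jsmith"}
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def parse_time(stamp):
    return datetime.fromisoformat(stamp)


def recently_created_accounts(events, detected_at, lookback_days=14):
    """Accounts created within `lookback_days` before the attack was detected
    that are not on the known-account list; sorted for stable output."""
    cutoff = parse_time(detected_at) - timedelta(days=lookback_days)
    return sorted({
        e["target"] for e in events
        if e["id"] == 4720
        and parse_time(e["time"]) >= cutoff
        and e["target"] not in KNOWN_ACCOUNTS
    })


def external_rdp_logons(events):
    """RDP sessions (logon type 10) whose source address is outside the
    internal ranges; returns (account, source ip, time) tuples in log order."""
    hits = []
    for e in events:
        if e["id"] == 4624 and e["logon_type"] == 10 and e["ip"]:
            addr = ipaddress.ip_address(e["ip"])
            if not any(addr in net for net in INTERNAL_NETS):
                hits.append((e["target"], e["ip"], e["time"]))
    return hits


def triage(events, detected_at):
    """Combine both checks into one report for the responder."""
    return {
        "new_accounts": recently_created_accounts(events, detected_at),
        "external_rdp": external_rdp_logons(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS, "2024-05-06T08:00:00").items():
        print(f"{key}: {value}")
```

On the sample data the report names `svc_backup2` as an account created hours before detection and logged into over RDP from an external address; that account is a candidate for removal, and the source address is worth blocking at the perimeter while passwords are rotated. The lookback window and the known-account list are the two knobs to tune before running it against a real export.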

HOW SHOULD I PROCEED TO RECOVER MY INFORMATION?

Depending on the regulations of the country where you are, it is important to review the laws on whether you must notify the competent authorities about the attack. Once that is done, we suggest isolating the affected computers from the network and contacting us immediately so we can evaluate the case and help you with the recovery. We strongly recommend not contacting, much less paying extortion to, the cyber criminals.