Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Phobos Ransomware

Phobos Ransomware is a new highly dangerous application that can infect your PC by stealth and encrypt your personal files. After encrypting your files, this ransomware will demand that you pay a ransom to decrypt them. However, the sum to be paid is not stated in the ransom note that it drops. In any case, you should remove this program instead of paying the ransom because there is no guarantee that the cybercriminals will keep their word and decrypt your files. For more details on this ransomware, we invite you to read this whole article.

Phobos Ransomware was designed to use the Advanced Encryption Standard (AES.) This particular encryption method ensures a strong encryption and is, thus, very (if not impossible) to decrypt. This ransomware should generate unique public encryption, and private decryption keys and the decryption key should be sent to this ransomware’s server to be stored.

The full list of encryptable file types is not known at this point, but consider that this ransomware was definitely designed to target pictures, videos, audios, documents, executables, file archives, and so on to encrypt your personal files for which you would be willing to pay the ransom. This ransomware appends all encrypted files with a unique "" file extension. Once the encryption is complete, it drops a ransom note called "Phobos.hta" on your PC. It might be opened automatically, but you might have to open it manually.

The ransom note says that you need to send an email to with the subject line “Encryption ID:6BBC6934.” However, the ID number can be different for each unique user. The note also states that required ransom payment is set to increase with time. Furthermore, the cybercriminals want to convince you that you will not be able to decrypt your files without the decryption key offered by them. However, the cybersecurity industry might come up with a free decryption tool, so you should be on the lookout for that.

Nevertheless, if your computer has not been infected with Phobos Ransomware, then you might be interested to know how it might end up infecting your PC. We assume that this ransomware ought to be distributed via fake, malicious emails that can be disguised as tax return forms, invoices, and so on. The emails might feature a download link of this ransomware or an attached file that can be zipped and made to look like a PDF or DOC file. If you open that file, then this ransomware will most likely infect your PC, provided that its execution will not be obstructed and prevented by an anti-malware program. Also, this ransomware might also be distributed on infected websites that might have exploit kits on them that can exploit vulnerabilities in Flash or Java and infect your PC secretly.

In conclusion, Phobos Ransomware is one highly dangerous computer infection that can encrypt your files and render them useless. Its creators want to extract money from you, but you should not trust them to keep their end of the bargain and send you a decryptor/decryption key. Therefore, we recommend that you remove this ransomware from your PC as soon as the opportunity arises. See the guide below on how to detect the location of this ransomware using SpyHunter’s free malware scanner and then delete it manually.

Removal Guide

  1. Open your web browser.
  2. Go to
  3. Download SpyHunter-Installer.exe and run it.
  4. Launch the program and click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Simultaneously press Windows+E keys.
  7. Enter the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Find and right-click the malicious file and then click Delete.
  10. Empty the Recycle Bin.
Download Spyware Removal Tool to Remove* Phobos Ransomware
  • Quick & tested solution for Phobos Ransomware removal.
  • 100% Free Scan for Windows


  1. Aniruddha Laha Feb 20, 2019

    It's showing scripting error when I was loading this file

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.