- Slow Computer
- System crashes
- Connects to the internet without permission
- Installs itself without permissions
- Can't be uninstalled via Control Panel
Phobos Ransomware is a new highly dangerous application that can infect your PC by stealth and encrypt your personal files. After encrypting your files, this ransomware will demand that you pay a ransom to decrypt them. However, the sum to be paid is not stated in the ransom note that it drops. In any case, you should remove this program instead of paying the ransom because there is no guarantee that the cybercriminals will keep their word and decrypt your files. For more details on this ransomware, we invite you to read this whole article.
Phobos Ransomware was designed to use the Advanced Encryption Standard (AES.) This particular encryption method ensures a strong encryption and is, thus, very (if not impossible) to decrypt. This ransomware should generate unique public encryption, and private decryption keys and the decryption key should be sent to this ransomware’s server to be stored.
The full list of encryptable file types is not known at this point, but consider that this ransomware was definitely designed to target pictures, videos, audios, documents, executables, file archives, and so on to encrypt your personal files for which you would be willing to pay the ransom. This ransomware appends all encrypted files with a unique "ID.email.PHOBOS" file extension. Once the encryption is complete, it drops a ransom note called "Phobos.hta" on your PC. It might be opened automatically, but you might have to open it manually.
The ransom note says that you need to send an email to OttoZimmerman@protonmail.ch with the subject line “Encryption ID:6BBC6934.” However, the ID number can be different for each unique user. The note also states that required ransom payment is set to increase with time. Furthermore, the cybercriminals want to convince you that you will not be able to decrypt your files without the decryption key offered by them. However, the cybersecurity industry might come up with a free decryption tool, so you should be on the lookout for that.
Nevertheless, if your computer has not been infected with Phobos Ransomware, then you might be interested to know how it might end up infecting your PC. We assume that this ransomware ought to be distributed via fake, malicious emails that can be disguised as tax return forms, invoices, and so on. The emails might feature a download link of this ransomware or an attached file that can be zipped and made to look like a PDF or DOC file. If you open that file, then this ransomware will most likely infect your PC, provided that its execution will not be obstructed and prevented by an anti-malware program. Also, this ransomware might also be distributed on infected websites that might have exploit kits on them that can exploit vulnerabilities in Flash or Java and infect your PC secretly.
In conclusion, Phobos Ransomware is one highly dangerous computer infection that can encrypt your files and render them useless. Its creators want to extract money from you, but you should not trust them to keep their end of the bargain and send you a decryptor/decryption key. Therefore, we recommend that you remove this ransomware from your PC as soon as the opportunity arises. See the guide below on how to detect the location of this ransomware using SpyHunter’s free malware scanner and then delete it manually.