PhobosImposter Ransomware Removal Guide

You do not want PhobosImposter Ransomware invading your Windows operating system and encrypting your personal files because once this malware wraps its claws around your files, it does not let go. The message created by the infection might make you think that you can pay a ransom and get all photos and documents decrypted, but if we know one thing, that is that cybercriminals cannot be trusted. The bottom line is that the infection was created to make money, and cybercriminals behind it are interested in nothing else but money. If you obey their demands, you will help them reach their goals, but it is unlikely that you will get anything in return. Hopefully, you have not yet put your virtual security and savings on the line, but even if you have, you still need to learn how to delete PhobosImposter Ransomware. We recommend that you start the process by reading this report.

PhobosImposter Ransomware is a new version of ABCD Ransomware, not Phobos Ransomware, of course. It is not exactly clear what the attackers behind this malware are trying to do by using the name of another well-known file-encryptor, but it is possible that they are trying to confuse victims. The thing is that whether or not you realize that this Phobos Ransomware version is just an imposter, you are unlikely to have an easier time recovering your personal files. Before you can even think of that, the attackers need to invade your operating system, and that is not hard to do if you have not updated your system in a while, if your system’s OS is no longer supported (for example, Windows 7), or if you are careless with the files you download and the spam email attachments you click. Remember that cyber attackers always go after the most vulnerable spots to invade systems. If the infiltration is performed successfully, PhobosImposter Ransomware, according to our researchers, encrypts everything except for .exe files.

You might discover that something has happened to your files when you notice the “.phobos” extension appended to their names and when you realize that you cannot open them normally. It is also possible that you could learn about the attack through the message that is delivered using the “Restore-My-Files.txt” file. This message declares that victims of PhobosImposter Ransomware need to contact the attackers using phomen@cock.li and phomen@airmail.cc email addresses. It appears that once the victim sends a unique code along with a few files to these addresses, they are introduced to instructions explaining how to pay for a decryption tool. All we know is that the ransom would have to be paid in Bitcoins, and information about the sum and the attackers’ Bitcoin wallet is not disclosed right away. Should you pay the ransom? If you have copies of personal files stored in safe backups – preferably online or on external drives – you should not think about paying the ransom at all. However, if you do not have backups, we do not recommend paying the ransom anyway because the attackers behind PhobosImposter Ransomware are likely to be scamming you with their false promises.

You cannot decrypt files yourself, free decryptors do not exist, and you cannot restore files by removing PhobosImposter Ransomware. If you have backups, you are in a good position. If you do not have backups, paying the ransom might seem like the only option you have. In reality, it looks like you do not have options left at all because we do not believe that you could obtain a decryptor if you contacted the attackers – which, in itself, is already dangerous – and also paid the ransom as per instructions. Hopefully, you can use backups to replace the corrupted files, but first, you need to remove PhobosImposter Ransomware. As you can see, eliminating the threat manually is not a straightforward task. If you do not know the exact location and name of the launcher file, you might be unable to delete the threat yourself. That is not a tragedy because you can still use a legitimate anti-malware program. In fact, this is what should be installed on your system anyway, and so you should not skip your opportunity to install it and make the overall removal easier.

How to delete PhobosImposter Ransomware

1. If you can locate the [random].exe launcher file, Delete it.
2. Delete all copies of the file named Restore-My-Files.txt.
3. Empty Recycle Bin and quickly run a full system scan using a legitimate malware scanner.