Phobos Ransomware Removal Guide

Do you know what Phobos Ransomware is?

Phobos Ransomware is a malicious application whose entrance will definitely not go unnoticed because it encrypts files on victims’ machines right after the successful entrance. Of course, it first finds where they are located. Not all ransomware infections encrypt users’ files, but they all try to obtain money from users. It is one feature that connects them all. Once Phobos Ransomware encrypts files, it does not demand money from users immediately, but it tells them to write an email to the provided email address. If you do as instructed, we are sure you will be told to pay money in exchange for the decryption key. You should not transfer money to malicious software developers because you do not even know whether they have a tool that can unlock those files. Even if they have it, there are no guarantees that they will share it with you because they only seek to get money from victims. Yes, we are strictly against making payments to cyber criminals. Of course, it does not mean that you can keep Phobos Ransomware installed on your computer if you are not going to transfer the ransom. It must be removed as soon as possible because it might be launched again and encrypt all your new files.

Despite the fact that Phobos Ransomware arrives on users’ computers secretly, users find out about its entrance soon because they notice that it is no longer possible to open pictures, documents, videos, music, and many other files. Also, all these files are marked by the ID.email.PHOBOS extension. Our malware researchers have also noticed that it drops a ransom note Phobos.hta after encrypting users’ personal files. It does not tell much about the decryption of the encrypted data. Users are only told that their files are encrypted and “data on this PC turned into a useless binary code.” Additionally, they are told to write an email to OttoZimmerman@protonmail.ch if they want to fix affected files. You will not find the price of the decryption tool indicated there, but we are sure you will be told how much the decryptor costs if you contact cyber criminals. Without a doubt, you will also be provided with step-by-step payment instructions. You already know our opinion about payments to malicious software developers, and we are not going to change it. Of course, you are the one in charge here, but we hope that you will make a sensible decision and keep your money to yourself even if it might be no other way to unlock those encrypted files.Phobos Ransomware Removal GuidePhobos Ransomware screenshot
Scroll down for full removal instructions

Phobos Ransomware is not a popular infection, i.e., it has not affected many computers yet; however, it does not mean that it cannot become prevalent one day, so you should take all security measures to avoid it. Of course, it is already too late for prevention if you have already detected it on your computer, but you can still protect your system from similar threats. You just need to install a security application on your computer and set it to be active 24/7. What else you should do to be safe is to stay away from spam emails because ransomware infections are often distributed via them as attachments. Sadly, we cannot confirm that other distribution methods cannot be adopted too, so you must be cautious all the time even if you install security software on your computer.

Remove Phobos Ransomware from your system as soon as possible so that it could not lock your new files. It should be enough to delete the malicious file launched (you should be able to find it in %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, or %TEMP%); however, if you want to be sure that you do not leave any components of this threat active on your computer, go to perform a full system scan with a reputable malware remover. Only a 100% trustworthy tool could erase malware for you, so do not acquire the first scanner you come across.

Delete Phobos Ransomware

  1. Open Explorer (tap Win+E).
  2. Open %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP% directories one by one.
  3. Delete all suspicious files you find inside them.
  4. Remove the ransom note Phobos.hta.
  5. Empty Recycle bin.

In non-techie terms:

Phobos Ransomware is a nasty malicious application that will ruin your files. Ransomware infections lock users’ personal files to help cyber criminals behind them get easy money from victims. Of course, you should not give them what they want even if you have already found a bunch of your files encrypted because the chances are high that you will get nothing from them. That is, your files will stay locked. Do not expect to get your money back in this case.