What is Phobos ransomware?
Phobos malware belongs to the ransomware family of viruses. Such viruses are the same and different at the same time. Attacks of ransomwares are always unpredictable: usually hackers try to brute-force into your device with the help of open ports or send emails with malicious attachments. After the successful injection of a virus, it begins the work. A virus scans your device and seeks for the important documents and media files in order to encrypt them. Every ransomware has its own algorithm of the work and decryption keys, that’s why methods of decryption are always different. Moreover, there is always a distinguishing feature of an every ransomware: appendix or the extension. Don’t try to remove .boriswhore extension yourself, there is a possibility to corrupt your information at all! When your files are encrypted, Phobos ransomware changes your background image (to be exact, it shows you a pop-up window) and puts a ransom note info.txt on your desktop. Let’s look into it:
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail firstname.lastname@example.org
Write this ID in the title of your message
In case of no answer in 24 hours write us to this e-mail:email@example.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
!!!All of your files are encrypted!!!
To decrypt them send e-mail to this address: firstname.lastname@example.org.
If we don’t answer in 24h., send e-mail to this address: email@example.com
Never pay a ransom, otherwise it will trigger other attacks! If you are interested on how to remove Phobos ransomware and decrypt .borishorse files, read our detailed guide!
- How to remove Phobos Ransomware from your computer
- How to remove Phobos Ransomware encryption from your files
- Data Recovery
- Automated decryption tools
- Windows Previous Versions
How to remove Phobos Ransomware from your computer?
We strongly recommend you to use a powerful anti-malware program that has this threat in its database. It will mitigate the risks of the wrong installation, and will remove Prandel from your computer with all of its leftovers and register files.
Solution for Windows user: our choice is Norton 360 . Norton 360 scans your computer and detects various threats like Phobos, then removes it with all of the related malicious files, folders and registry keys.
If you are Mac user, we advise you to use Combo Cleaner.
How to remove Phobos Ransomware encryption from your files?
Once you’ve removed the virus, you are probably thinking of recovering files from encryption. Let’s take a look at possible ways of decrypting your data.
Recover data with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press on Restore button.
- Manage export location.
Restore data with automated decryption tools
Unfortunately, due to the novelty of Phobos ransomware, there are no available automatic decryptors for this encryptor yet. Still, there is no need to invest in the malicious scheme by paying a ransom. You are able to recover files manually.
You can try to use one of these methods in order to restore your encrypted data manually.
Restore data with Windows Previous Versions
This feature is working on Windows Vista (not Home version), Windows 7 and later versions. Windows keeps copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before infection infiltration. All the Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose restore point before the infection infiltration;
- Follow the on-screen instructions.