
'fobosamerika@protonmail.ch' Ransomware

Posted: February 13, 2019

The 'fobosamerika@protonmail.ch' Ransomware is a variant of the Phobos Ransomware, a file-locking Trojan that blocks the victim's files by encrypting them. The 'fobosamerika@protonmail.ch' Ransomware may remove backups, append extensions to the files that it locks, and create ransom messages in several formats, such as plain-text (Notepad) files. Users should let their anti-malware products remove the 'fobosamerika@protonmail.ch' Ransomware and any associated threats before restoring their work from any available backup.

The New State of Fear in 2019

The Phobos Ransomware of two years ago is returning with a new variant that competes in the already crowded 'market' of file-locker Trojans, alongside new versions of the Scarab Ransomware, the Globe Imposter Ransomware and the like. Although new versions of this Trojan are rare, it has no public decryptor, and anything that it locks could remain unopenable permanently. Besides the mandatory update of its contact addresses, the 'fobosamerika@protonmail.ch' Ransomware also shuffles some of its other symptoms.

Although malware specialists have yet to confirm any extension changes (the original Phobos Ransomware appended a 'PHOBOS' tag to file names), the 'fobosamerika@protonmail.ch' Ransomware delivers its ransom message as a plain-text (Notepad) file instead of an HTA page. The text is copied from earlier, unrelated campaigns and tells the victim to negotiate over one of several addresses, including Jabber (XMPP) contacts that supplement the e-mail options. As usual, the 'fobosamerika@protonmail.ch' Ransomware creates the message for viewing only after it has blocked the PC's media files.

Media likely to be encrypted and locked by the 'fobosamerika@protonmail.ch' Ransomware includes PDF documents, compressed archives such as ZIP and RAR, images such as BMP or JPG, and virtually all Microsoft Office work. The AES encryption that the 'fobosamerika@protonmail.ch' Ransomware uses, like that of the first Phobos Ransomware, cannot be broken without the key that only the threat actor holds; there is no shortcut through the cipher itself. Accordingly, users shouldn't expect to restore their files without a safe backup.
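For a responder who needs to confirm which files a share has lost and where the ransom notes landed, the following triage scanner is an added example, not code from the page or from the Trojan's authors. It walks a directory tree and reports file names that carry a Phobos-style tag or the contact address, and small .txt/.hta files that mention the address (the note format described above). The '.id[<hex>-<digits>].[<email>].<tag>' naming layout and the sample files it creates are assumptions constructed for the example, not artefacts taken from this variant.

```python
"""Triage scanner for Phobos-style file-locker artefacts (added example).

The ".id[<8 hex>-<4 digits>].[<email>].<tag>" name layout is an assumption
about how the family renames files; this variant's real tag is unconfirmed.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field

CONTACT = "fobosamerika@protonmail.ch"

# Assumed Phobos-style name: <orig>.id[<8 hex>-<4 digits>].[<email>].<tag>
TAGGED_NAME = re.compile(
    r"\.id\[[0-9A-Fa-f]{8}-\d{4}\]\.\[(?P<email>[^\]]+)\]\.(?P<tag>[A-Za-z0-9]+)$"
)


@dataclass
class Findings:
    locked: list = field(default_factory=list)      # paths renamed by the Trojan
    notes: list = field(default_factory=list)       # ransom notes found
    extensions: dict = field(default_factory=dict)  # tag -> count


def classify_name(name):
    """Return (email, tag) if the file name looks renamed by the Trojan, else None."""
    m = TAGGED_NAME.search(name)
    if m:
        return m.group("email"), m.group("tag").lower()
    if CONTACT in name:  # address present but layout differs from the assumed one
        return CONTACT, "unknown"
    return None


def looks_like_note(path, max_bytes=64 * 1024):
    """A small .txt/.hta file that names the contact address is treated as a note."""
    if not path.lower().endswith((".txt", ".hta")):
        return False
    try:
        if os.path.getsize(path) > max_bytes:
            return False
        with open(path, "r", errors="replace") as fh:
            return CONTACT in fh.read()
    except OSError:
        return False


def scan_tree(root):
    """Walk root and collect locked files, ransom notes and the tags seen."""
    f = Findings()
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hit = classify_name(name)
            if hit:
                f.locked.append(path)
                f.extensions[hit[1]] = f.extensions.get(hit[1], 0) + 1
            elif looks_like_note(path):
                f.notes.append(path)
    return f


def build_sample_tree(root):
    """Constructed sample files standing in for an infected share (not real artefacts)."""
    samples = {
        "report.docx.id[1A2B3C4D-1096].[fobosamerika@protonmail.ch].phobos": b"\x00" * 16,
        "photos/holiday.jpg.id[1A2B3C4D-1096].[fobosamerika@protonmail.ch].phobos": b"\x00" * 16,
        "info.txt": ("All your files are encrypted. Write to " + CONTACT + "\n").encode(),
        "readme.txt": b"Nothing to see here\n",
        "untouched.pdf": b"%PDF-1.4\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    """Create the constructed tree in a temp dir, scan it and return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        f = scan_tree(tmp)
        return {"locked": len(f.locked), "notes": len(f.notes), "extensions": dict(f.extensions)}


if __name__ == "__main__":
    print(demo())
```

Run `scan_tree` against a mounted image or the restored share rather than the live infected host, and treat the per-tag counts as a quick way to spot a second, differently tagged family that may have hit the same machine.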

Stopping the Rijndael Lockdown on Your Data

The 'fobosamerika@protonmail.ch' Ransomware infections use a distribution technique that has not yet been surveyed. However, Phobos Ransomware campaigns do make use of tools like the freeware Process Hacker to cement their control over Windows PCs, disable security tools and drop other threats, which suggests attackers operating interactively on the compromised system rather than a single automated drop. Initial compromises could come from the victim's interaction with disguised e-mail attachments or links, or simply from remote-access logins protected by passwords weak enough to brute-force.
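Because brute-forced logins are one of the entry points named above, the burst of failed logons that precedes a successful one is the event a detection engineer would want to alert on. The following sliding-window detector is an added example, not code from the page; its log format (timestamp, source, account, outcome) and the sample events are constructed for the example, and the threshold and window are assumed values, so a real source such as a Windows Security log would need its own parser in front of it.

```python
"""Brute-force logon detection over constructed auth events (added example).

Flags a source that produces >= threshold failures inside one window, and
upgrades the alert when a success follows that burst from the same source.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: <ISO time> <source IP> <account> <FAIL|OK>
SAMPLE_LOG = """\
2019-02-13T02:10:01 203.0.113.7 administrator FAIL
2019-02-13T02:10:03 203.0.113.7 admin FAIL
2019-02-13T02:10:04 203.0.113.7 backup FAIL
2019-02-13T02:10:06 203.0.113.7 administrator FAIL
2019-02-13T02:10:07 203.0.113.7 administrator FAIL
2019-02-13T02:10:09 203.0.113.7 administrator OK
2019-02-13T02:15:00 198.51.100.4 jsmith FAIL
2019-02-13T02:15:20 198.51.100.4 jsmith OK
"""


def parse(lines):
    """Yield (timestamp, source, account, succeeded) for each non-empty line."""
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome == "OK"


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source: alert}. 'bruteforce' when >= threshold failures fall in
    one window; 'bruteforce_success' when a success follows such a burst."""
    recent = defaultdict(deque)    # source -> timestamps of failures in the window
    accounts = defaultdict(set)    # source -> accounts it has tried
    alerts = {}
    for ts, src, user, ok in parse(lines):
        q = recent[src]
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if ok:
            if len(q) >= threshold:       # success right after a burst: the real alarm
                alerts[src] = {"kind": "bruteforce_success", "account": user,
                               "failures": len(q),
                               "accounts_tried": sorted(accounts[src])}
            continue
        q.append(ts)
        accounts[src].add(user)
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {"kind": "bruteforce", "failures": len(q),
                           "accounts_tried": sorted(accounts[src])}
    return alerts


if __name__ == "__main__":
    for src, alert in detect(SAMPLE_LOG).items():
        print(src, alert)
```

The single failure from 198.51.100.4 followed by a success is an ordinary typo and stays silent at the default threshold; the five failures across three accounts from 203.0.113.7 followed by a success is the pattern that should trigger isolation of the host before any file-locker payload runs.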

Securely backing up work is the only definitive means of protecting media from encryption that happens automatically and, often, is not decryptable. Cloud storage with its own separate login and detachable storage devices such as USB drives are two examples of relatively safe locations against file-locker Trojans, with one caveat: a backup is only out of reach if the Trojan cannot write to it, so a USB drive left plugged in or a cloud folder that mirrors the local disk in real time can be encrypted along with everything else. Already-present infections should be resolvable by most anti-malware products, which should remove the 'fobosamerika@protonmail.ch' Ransomware on sight.

Even the smallest family of Trojans can be as much of a problem as a monolithic one like the Globe Ransomware for the victim caught by its payload. Choosing between paying a criminal's ransom and backing up your work should require no thought, yet many seem to prefer risking the former.
