
PhobosImposter Ransomware

Posted: October 28, 2019

The PhobosImposter Ransomware is a file-locking Trojan that poses as a variant of the Phobos Ransomware. The deliberate similarities include misleading ransom messages and changes to filenames. Users should take its very real encryption capabilities seriously, let anti-malware services block or remove the PhobosImposter Ransomware, and keep backups updated for their recovery needs.

The Trojan Brave Enough to Pretend to Be Fear

Copycats among file-locker Trojans aren't exceptionally rare, and some of them are even widespread enough to warrant entire families of their own, such as the Globe Imposter Ransomware. A new one is always worth remarking on, however, especially when there are no past signs of its existence or strategies at work. The PhobosImposter Ransomware is the next 'chameleon' Trojan, although there's nothing fake about its attacks against files.

Some competing Trojans with similar payloads borrow portions of the Phobos Ransomware's payload, such as the 'audrey.b@aol.com' Ransomware, but the PhobosImposter Ransomware seems to be an entirely independent threat. It uses encryption to block files on Windows systems, deletes the Shadow Volume Copy backups with CMD commands, and automatically closes any processes in memory that could get in the way of its attacks. It also adds a 'phobos' extension to filenames, which is one of the details that leads its identification in the wrong direction.

The other misleading symptom of the PhobosImposter Ransomware is its ransom note, a plain TXT file. The message uses formatting and other references that imply it's part of the Phobos Ransomware's family, and even includes associated Web links and forum 'reviews' from victims. Such sleight of hand could boost the PhobosImposter Ransomware's apparent authenticity, since a victim might be more willing to pay if there's a history of successful decryption ransoms.
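The Python below is an added example, not part of the original article: it correlates shadow-copy deletion commands with a burst of '.phobos' renames on the same host, the two on-disk behaviors described above. The command patterns, the `time|host|kind|detail` event format, the threshold and the time window are assumptions, and the sample events are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumption: the article says only "CMD commands"; these are common Windows
# shadow-copy deletion invocations, not confirmed for this Trojan.
VSS_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
WINDOW = timedelta(minutes=10)  # hypothetical correlation window
MIN_RENAMES = 3                 # hypothetical threshold to cut single-file noise

# Constructed events in a hypothetical "time|host|kind|detail" export format.
SAMPLE_EVENTS = r"""
2024-01-15T09:00:05|WS-01|proc|cmd.exe /c vssadmin delete shadows /all /quiet
2024-01-15T09:00:40|WS-01|rename|C:\Users\a\q3.xlsx -> C:\Users\a\q3.xlsx.phobos
2024-01-15T09:00:41|WS-01|rename|C:\Users\a\plan.docx -> C:\Users\a\plan.docx.phobos
2024-01-15T09:00:42|WS-01|rename|C:\Users\a\cv.pdf -> C:\Users\a\cv.pdf.phobos
2024-01-15T09:05:00|WS-02|proc|cmd.exe /c vssadmin list shadows
2024-01-15T09:06:00|WS-02|rename|C:\tmp\notes.txt -> C:\tmp\notes.phobos
"""

def parse(text):
    """Yield (timestamp, host, kind, detail), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split("|", 3)
        if len(parts) == 4:
            yield (datetime.fromisoformat(parts[0]), *parts[1:])

def triage(text):
    """Map host -> number of '.phobos' renames near a shadow-copy deletion."""
    deletions, renames = {}, {}
    for ts, host, kind, detail in parse(text):
        if kind == "proc" and VSS_DELETE.search(detail):
            deletions.setdefault(host, []).append(ts)
        elif kind == "rename" and detail.lower().endswith(".phobos"):
            renames.setdefault(host, []).append(ts)
    findings = {}
    for host, times in renames.items():
        near = [t for t in times
                if any(abs(t - d) <= WINDOW for d in deletions.get(host, []))]
        if len(near) >= MIN_RENAMES:
            findings[host] = len(near)
    return findings

if __name__ == "__main__":
    for host, count in triage(SAMPLE_EVENTS).items():
        # The extension alone does not name the family, so report it as unconfirmed.
        print(f"{host}: {count} '.phobos' renames near shadow-copy deletion; "
              "isolate host, family unconfirmed")
```

Because the 'phobos' extension is shared with the genuine Phobos family, a hit here indicates a file-locker incident on the host, not which family caused it.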

Taking the Reason to Fear Out of Trojans

While malware researchers have few samples of the PhobosImposter Ransomware available, most of them are being flagged appropriately as threats by established cyber-security companies. Unfortunately, the infection vectors for the PhobosImposter Ransomware's campaign remain open to speculation and may entail tactics like brute-forcing network passwords or sending hostile e-mail attachments. Windows users are, as usual, the target demographic for the PhobosImposter Ransomware, as they are for a majority of other file-locking Trojans.

Running the wrong family's decryptor will damage any encrypted files further and rule out recovering them directly. Users should save backups beforehand for the safest recovery methods possible, but may contact security researchers in cases where unlocking content is the only possible solution. Currently, malware experts are narrowing the PhobosImposter Ransomware's cryptography routine down to one based on AES keys.

Compatible anti-malware tools should, as noted, block or delete the PhobosImposter Ransomware as a threat.

The PhobosImposter Ransomware isn't what it looks like, but changing masks is a common trait among criminal enterprises. One shouldn't put too much faith in the words of Trojans when such language is often just another angle of attack.
