New Phobos ransomware decryptor lets victims recover files for free

The Japanese police have released a free decryptor for organizations and people whose files were encrypted by the Phobos and 8Base ransomware operations, with BleepingComputer confirming that it successfully decrypts files.

As a test, BleepingComputer infected a virtual machine with a recent Phobos ransomware variant that adds the .LIZARD extension to encrypted file names. BleepingComputer can confirm that the decryptor successfully decrypted all 150 files encrypted by the LIZARD variant of Phobos ransomware. BleepingComputer has tested the decryptor, and not only is it not malicious, but it also successfully decrypts encrypted files from recent encryptors.

Phobos and 8Base ransomware victims should try this decryptor even if their encrypted files do not have one of the listed extensions, as it may still work. The Japanese police say that several other extensions may be supported, so it is worth testing the decryptor in that case.

It should be noted that you can select the root of a drive, and the decryptor will recursively decrypt files, recreating the same folder structure in the destination folder. When ready, click on the Decrypt button, and the decryptor will attempt to recover your files to the selected folder.

While the ransomware operation did not receive as much media attention as other ransomware operations, Phobos is considered one of the most widely distributed ransomware operations, responsible for many attacks on businesses worldwide. Unlike other affiliates, this group engaged in double extortion where they encrypted files and stole data, threatening to release it if a ransom was not paid.

In 2024, a Russian national suspected of being the administrator for the Phobos ransomware operation was extradited from South Korea to the United States to face charges in a 13-count indictment. While it is unclear how they were able to create the decryptor, it is believed it was made possible through information obtained during this year's disruption of the ransomware gang.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 18 Jul 2025 16:00:15 +0000

