Carver Ransomware is a Phobos Clone Designed to Encrypt Files and Demand Ransoms


Carver ransomware is a malicious program that belongs to the Phobos ransomware family, designed to encrypt data and demand ransoms for decryption. When a sample of Carver was run on a test machine, it encrypted files and modified their filenames with a unique ID, the cyber criminals' email address, and a ".Carver" extension. For example, a file initially named "1.jpg" appeared as "[9ECFA84E-3455].[].Carver".

Once the encryption process was completed, Carver ransomware created two ransom notes, "info.hta" (pop-up window) and "info.txt". The text file informs victims that their data has been encrypted and directs them to contact the attackers. The pop-up window message clarifies that the decryption process requires a Bitcoin cryptocurrency ransom payment. The ransom amount is not specified in the note, but it is said to depend on how quickly victims contact the cyber criminals responsible for the attack. Prior to paying the ransom, victims can test decryption (within certain specifications) free of charge.

The message concludes with a warning against renaming the encrypted files and using third-party decryption tools, as that may render the data undecryptable.
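
A triage sketch for the artefacts described above, added here as an example and not taken from the original article or any vendor tool: it scans a file listing for the "[ID].[email].Carver" rename pattern and the two ransom note names, grouped by directory. The ID shape is generalised from the single example above, and the paths and e-mail address in the sample listing are constructed.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the ID shape (8 hex, dash, 4 hex) is generalised from the single
# example in the article; the e-mail bracket may be empty, as it is there.
CARVER_RE = re.compile(
    r"\[(?P<id>[0-9A-F]{8}-[0-9A-F]{4})\]\.\[[^\]]*\]\.Carver$",
    re.IGNORECASE,
)
NOTE_NAMES = {"info.hta", "info.txt"}  # ransom notes named in the article

# Constructed sample listing (paths and e-mail are made up for illustration).
SAMPLE = [
    r"C:\Users\test\Pictures\[9ECFA84E-3455].[].Carver",
    r"C:\Users\test\Pictures\2.png[9ECFA84E-3455].[contact@example.invalid].Carver",
    r"C:\Users\test\Pictures\info.txt",
    r"C:\Users\test\Desktop\info.hta",
    r"C:\Tools\readme\info.txt",
    r"C:\Users\test\Documents\carver_notes.docx",
]

def triage(paths):
    """Group findings by directory: renamed files, victim IDs, ransom notes."""
    report = defaultdict(lambda: {"encrypted": 0, "ids": set(), "notes": set()})
    for raw in paths:
        p = PureWindowsPath(raw)
        m = CARVER_RE.search(p.name)
        if m:
            entry = report[str(p.parent)]
            entry["encrypted"] += 1
            entry["ids"].add(m.group("id").upper())
        elif p.name.lower() in NOTE_NAMES:
            report[str(p.parent)]["notes"].add(p.name.lower())
    return dict(report)

def affected_dirs(report):
    """Directories holding renamed files. A note file on its own is only a
    weak signal, because info.txt is a common legitimate name."""
    return sorted(d for d, e in report.items() if e["encrypted"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    for directory in affected_dirs(result):
        print(directory, result[directory])
```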

The Carver Ransom Note Copies Usual Phobos Pattern

The full ransom note produced by the Carver ransomware uses the usual Phobos template and reads as follows:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Write this ID in the title of your message -
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:

Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

How Can Ransomware Like Carver Get on Your System?

Ransomware like Carver can infect your system through various methods. Some common ways include:

Phishing emails: Cybercriminals may send phishing emails with malicious attachments or links. Once you download and open the attachment or click on the link, the ransomware may get downloaded onto your system.

Malicious websites: Visiting untrusted or malicious websites can also result in downloading ransomware onto your system. Malware can get installed through software vulnerabilities or by tricking you into downloading and installing a fake software update.

Vulnerable software: Ransomware can exploit vulnerabilities in software that hasn't been updated or patched. Attackers can gain access to your system through outdated software such as operating systems, browsers, and plugins.

Unsecured RDP: Remote Desktop Protocol (RDP) is a common target for attackers. If you have RDP enabled on your system and it's not secured with strong passwords or two-factor authentication, attackers can easily gain access to your system.

To prevent ransomware attacks, it's essential to keep your system and software up to date, use strong and unique passwords, and be cautious when opening email attachments or clicking on links. It's also advisable to use reputable antivirus software and back up your data regularly.

March 8, 2023

