Remove Calum ransomware (Virus Removal Instructions) - Improved Guide

Removal by Gabriel E. Hall | Type: Ransomware

Calum ransomware – a Phobos family member that appends the .Calum extension to each locked component and demands a BTC ransom

Calum virus - ransomware that encrypts files and demands money in exchange for the decryption software

Calum ransomware is one of the newest versions belonging to the Phobos ransomware family. The malware targets English speakers, infiltrates their Windows machines, and scans the system for encryptable documents and files. Once the malicious program has found all files that can be locked, it runs a symmetric[1] or asymmetric encryption algorithm that locks the data and appends the .Calum extension to each affected file. Furthermore, Calum virus drops the info.hta and info.txt ransom notes, which state the ransom demands; according to the notes, victims who do not meet them will not be able to recover their data. The criminals try to scare people by claiming that no other tool will help, and they encourage victims to write to them at the email addresses given in the notes and to obtain Bitcoin cryptocurrency for the ransom payment.

Name: Calum ransomware
Type: Ransomware infection / file-encrypting malware / ransom-demanding virus
File extension: Once the malware has settled on the Windows computer and used symmetric or asymmetric encryption to lock up data, the affected files end up with the .Calum extension appended
Ransom note(s): The ransomware places the info.hta and info.txt ransom messages on the desktop, plus a copy in each folder that contains locked documents and files
Demanded price: Even though no ransom amount is currently stated, hackers are likely to demand between $100 and $2000, to be transferred in BTC or another type of cryptocurrency
Email addresses: The criminals provide email addresses as a way of communicating with them
Distribution: Ransomware infections, including Calum virus, are most commonly distributed via email spam, software cracks, vulnerable RDP, infectious ads/links, and similar channels
Family: Phobos ransomware
Removal: You need to get rid of the infection ASAP. Use automatic tools only, to avoid possible mistakes and damage
System repair: If the malware has touched some system components on your Windows computer, try repairing them with the help of Reimage Intego software

Calum ransomware brings more than just file encryption and unreasonable ransom demands. Once it has entered a Windows machine, the malware might modify some Windows Registry entries and start hazardous processes that show up in Task Manager. This way the threat ensures that it is reloaded each time the user turns on the computer.

Furthermore, such alterations might allow Calum ransomware to scan the system from time to time in search of newly created files that it can encrypt. The malware might also try to avoid antivirus detection by running specific commands, destroy the Shadow Copies[2] of locked data, or damage the hosts file in order to prevent users from accessing cybersecurity-related web pages where they might find reliable information on Calum ransomware removal.

We recommend not falling for the tricks that Calum ransomware might play on you, as there might be better solutions than paying the criminals. Besides, you always risk losing your money for nothing when paying hackers, as these people might turn out to be mere scammers. Even though the ransom note claims that the decryption tool will be provided after the ransom payment, this claim might be completely false:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Write this ID in the title of your message –
In case of no answer in 24 hours write us to this
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Calum ransomware might carry additional malware into the system. Many ransomware strains come bundled with a Trojan horse, as this way the developers can double their profits. If you postpone the elimination of the ransomware virus, you might not notice that additional malware has been added to your computer system until it is too late.

If you are looking for a way to remove Calum ransomware, we recommend employing only reliable antimalware software, as manual elimination is not a good option in this case. After the cyber threat leaves your computer, you can try repairing damaged files with Reimage Intego. Also, go to the end of this article and read through all of the data recovery methods, some of which might let you bring your data back to its original state.

A sample of Calum ransomware has also been included in the VirusTotal database.[3] We have found that 53 out of 69 AV engines are able to detect the malware-laden files. Some of the detection names include Win32:Malware-gen, TR/Crypt.XPACK.Gen, Trojan.Ransom.Phobos.F, Trojan.Ransom.Phobos.F (B), Ransom.Phobos, Ransom:Win32/Phoenix.BW, etc.

Calum ransomware - a dangerous malware that can be distributed via software cracks, email spam, vulnerable RDP, and other techniques

Ransomware appearance is a common thing in the cybersecurity field

According to the latest news reports by security researchers, ransomware infections commonly land on random users' computers and have also been targeting reputable healthcare firms, banking organizations, and so on. These notorious viruses might result in the loss of important information, or of money if the victim agrees to pay an unreasonable price in order to receive the decryption tool.

Calum ransomware is just a small fish in the ocean compared with the thousands of other ransomware viruses released. However, every infection is dangerous and should be avoided, and removed if it does get onto someone's computer system. Besides Phobos releasing new versions quickly, Djvu ransomware does not fall behind either. The developers have already let out around 200 versions that belong to this malware category.

Multiple techniques are used for ransomware distribution daily

Security specialists[4] state that hackers come up with numerous ways to distribute their products to a wider range of people. Ransomware viruses are among the most dangerous infections and rely on spreading techniques such as email spam, software cracks, malicious updates, infected files/ads/links, exploit kits, vulnerable RDP, etc.

One of the most popular spreading methods is email spam campaigns in which cybercriminals pretend to be from reliable shipping companies such as FedEx or DHL and deliver “shipment information” or an “order confirmation” via a hyperlink or attachment that is in fact the infectious payload.

Furthermore, ransomware is also commonly distributed via software cracks that can be found on unsecured download sources and p2p networks such as The Pirate Bay. Get all of your products and services only from reputable developers and original websites; otherwise, you might easily end up with malware on your computer system.

Furthermore, weak RDP protection, such as a weak password or no password at all, might also allow crooks to attack RDP remotely, brute force the password, or simply connect remotely without putting any big effort into the process. Make sure that you always use strong and reliable passwords that combine letters and numbers and also include some symbols.

The termination process of Calum ransomware (Phobos variant)

Phobos seems to keep adding new versions of ransomware to its family line, and Calum ransomware is one of them. If you ever encounter this malicious infection on your Windows computer system, you should not let it stay there for long, as many damaging actions might be performed in the meantime.

We always recommend using automatic software for processes such as Calum ransomware removal, as manual elimination might bring more damage to the infected system if done wrong. First, scan the system with antivirus software such as SpyHunter 5, Combo Cleaner or Malwarebytes.

After you remove Calum ransomware, you can try employing Reimage Intego, which might help you to repair the corrupted files that have been touched by the malware. Also, below you will find some data recovery methods that might be helpful if you are hoping to recover some locked files.

To remove Calum virus, follow these steps:

Remove Calum using Safe Mode with Networking

If the ransomware virus has initiated some malicious processes on your Windows computer system, you can try to disable the operations by booting your machine in Safe Mode with Networking:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Calum

    Log in to your infected account and start the browser. Download Reimage Intego or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete Calum removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove Calum using System Restore

If you have been looking for ways to stop malicious tasks from running on your computer, you can try booting up via System Restore. To do that, follow these guidelines:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that predates the infiltration of Calum. After doing that, click Next.
    4. Now click Yes to start the system restore.
    Once you restore your system to a previous date, download Reimage Intego, scan your computer with it, and make sure that Calum removal has been performed successfully.
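
To help choose a restore point that predates the infection, the following added example (not part of the original guide) walks a folder tree, counts files carrying the .Calum extension next to the info.hta/info.txt notes, and reports the earliest modification time among them. The function names are hypothetical, and modification times are only an estimate of when encryption began.

```python
import os
from datetime import datetime, timezone

LOCKED_SUFFIX = ".calum"               # extension named in this guide, matched case-insensitively
NOTE_NAMES = {"info.hta", "info.txt"}  # ransom-note names named in this guide

def scope_encryption(root):
    """Summarise, per folder, how many files carry the locked extension."""
    folders, earliest = {}, None
    for folder, _dirs, files in os.walk(root):
        locked = [f for f in files if f.lower().endswith(LOCKED_SUFFIX)]
        if not locked:
            continue  # a lone info.txt is too common a name to count as evidence
        notes = [f for f in files if f.lower() in NOTE_NAMES]
        for name in locked + notes:
            try:
                mtime = os.stat(os.path.join(folder, name)).st_mtime
            except OSError:
                continue  # unreadable entry: skip its timestamp, keep the count
            if earliest is None or mtime < earliest:
                earliest = mtime
        folders[folder] = {"locked": len(locked), "note_present": bool(notes)}
    return {"folders": folders, "earliest_mtime": earliest}

def restore_cutoff(summary):
    """Latest moment (UTC) that a usable restore point or backup can date from."""
    ts = summary["earliest_mtime"]
    return None if ts is None else datetime.fromtimestamp(ts, tz=timezone.utc)

if __name__ == "__main__":
    import sys
    result = scope_encryption(sys.argv[1] if len(sys.argv) > 1 else ".")
    for folder, info in sorted(result["folders"].items()):
        print(f"{info['locked']:5d} locked  note={info['note_present']}  {folder}")
    print("choose a restore point older than:", restore_cutoff(result))
```

Run it against a copy or a read-only mount of the affected drive where possible, so the scan itself does not touch the evidence.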

Bonus: Recover your data

The guide presented above is supposed to help you remove Calum from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Calum, you can use several methods to restore them:

Employ Data Recovery Pro for file restoring purposes.

Use this piece of software if you have been looking for a tool to unlock your data with. Even though there is no 100% guarantee that the program will work, trying this product is definitely better than paying the big ransom.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Calum ransomware;
  • Restore them.

Use Windows Previous Versions feature for data recovery tasks.

Employ this feature to revert some files to their previous states. However, make sure that you have activated System Restore in the past; otherwise, this tool might not work properly.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. Select the version you want to recover and click “Restore”.

Try activating Shadow Explorer and restore some data.

If the ransomware infection did not permanently eliminate or damage the Shadow Volume Copies of your locked files, you can give this piece of software a try.

  • Download Shadow Explorer;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, cybersecurity experts are still working on the official Calum ransomware decryption tool.

Finally, you should always think about protection against crypto-ransomware. To protect your computer from Calum and other ransomware, use reputable anti-spyware such as Reimage Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.

Back up files for later use in case of a malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
