Calum ransomware (Virus Removal Instructions) - Improved Guide

Calum virus Removal Guide

What is Calum ransomware?

Calum ransomware – a Phobos family member that appends the .Calum extension to each locked component and demands a BTC ransom

Calum virusCalum virus - ransomware that encrypts files and demands money in exchange for the decryption software

Calum ransomware is one of the newest versions belonging to Phobos ransomware. The purpose of this malware is to target English speakers, infiltrate their Windows machines, and scan the system for encryptable documents/files. Once the malicious program detects all files that can be locked, it executes a symmetric[1] or asymmetric algorithm that blocks the data and appends the .Calum extension to each affected component. Furthermore, Calum virus drops the info.hta and info.txt ransom notes that bring ransom demands which have to be met, otherwise, the victims will not be able to recover their data. The criminals try to scare people by claiming that no other tool will help and encourage victims to write them via or email addresses and also obtain Bitcoin cryptocurrency for the ransom payment.

Name Calum ransomware
Type Ransomware infection/file-encrypting malware/ransom-demanding virus
Appendix Once the malware places itself on the Windows computer system and uses symmetric or asymmetric encryption to lock up data, the affected components end up with the .Calum extension added
Ransom note(s) The ransomware virus places info.hta and info.txt ransom demanded messages on the desktop and also a copy in each folder that includes locked documents and files
Demanded price Even though there is no current ransom price number given, hackers are likely to demand an amount between $100 and $2000 that needs to be transferred in BTC or another type of cryptocurrency
Email addresses The criminals provide or email addresses as a way to make communication with them
Distribution Ransomware infections, including Calum virus, are most commonly distributed via email spam, software cracks, vulnerable RDP, infectious ads/links, and other similar locations
Family Phobos ransomware
Removal You need to get rid of the infection ASAP. Perform the process only automatically to avoid possible mistakes and damage
System repair If the malware has touched some system components on your Windows computer machine, try repairing them with the help of FortectIntego software

Calum ransomware brings more than just file encryption and inadequate ransom demands. This malicious string might modify some Windows Registry entries and inject hazardous processes in your Task Manager section once entering your Windows machine. This way the cyber threat will be assured that it will reboot and reload itself each time when the user turns on his/her computer system.

Continuously, such alterings might allow Calum ransomware to run a system scanning process once in a while and go in search of newly-encryptable documents and files. Also, the malware might try to avoid antivirus detection by running specific commands, destroy Shadow Copies[2] of locked data, or damage the hosts file in order to prevent users from accessing cybersecurity-related web pages where they might find reliable information towards Calum ransomware removal.

Our recommendation would be not to fall for the tricks that Calum ransomware might try to put on you as there might be some better solutions than paying the criminals. Besides, you always risk losing your money for nothing while paying hackers as these people might appear to be only scammers. Even though the ransom note claims that the decryption tool will be provided after the ransom payment, this type of data might be completely false:

All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail
Write this ID in the title of your message –
In case of no answer in 24 hours write us to this
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
Also you can find other places to buy Bitcoins and beginners guide here:
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Calum ransomware might tend to carry additional malware into the system. There are a lot of ransomware strains that come attached with a Trojan horse as this way the developers can double their benefits. If you postpone the elimination process of the ransomware virus, you might not even notice that additional malware has been added to your computer system before it is too late.

If you are looking for a way to remove Calum ransomware, we recommend employing only reliable antimalware software as manual elimination is not a good possibility in this case. After the cyber threat leaves your computer, you can try repairing damaged files with FortectIntego. Also, go down to the end of this article and read through all of the data recovery methods some of which might let you bring your data back to primary state.

The content of Calum ransomware has also been included in the database of VirusTotal website.[3] We have found that 53 out of 69 AV engines are able to detect the malware-laden files. Some of the detection names include Win32:Malware-gen, TR/Crypt.XPACK.Gen, Trojan.Ransom.Phobos.F, Trojan.Ransom.Phobos.F (B), Ransom.Phobos, Ransom:Win32/Phoenix.BW, etc.

Calum ransomware virusCalum ransomware - a dangerous malware that can be distributed via software cracks, email spam, vulnerable RDP, and other techniques

Ransomware appearance is a common thing in the cybersecurity field

Regarding the latest news reports by security researchers, ransomware infections are commonly distributed on random user computers and also have been targetting reputable healthcare firms, banking organizations, and so on. These notorious viruses might result in the loss of important information or money if the victim agrees to pay and inadequate price in order to receive the decryption tool.

Calum ransomware is just a small fish in the ocean regarding the thousands of other ransomware viruses released. However, every infection is dangerous, should be avoided and removed if injected into someone's computer system. Besides from Phobos releasing new versions fastly, Djvu ransomware also does not fall behind. The developers have already let out around 200 versions that belong to this malware category.

Calum ransomwareCalum ransomware is a notorious malware form that comes from the Phobos ransomware family

Multiple techniques are used for ransomware distribution daily

Security specialists from[4] state that hackers think of numerous ways how to distribute their products for a wider range of people. Ransomware viruses are one of the most dangerous infections that lean on spreading techniques such as email spam, software cracks, malicious updates, infected files/ads/links, exploit kits, vulnerable RDP, etc.

One of the most popular spreading ways is through email spam campaigns where cybercriminals pretend to be from reliable shipping companies such as FedEx or DHL and tend to deliver “shipment information” or “order confirmation” via a hyperlink or attachment that truly is the infectious payload.

Furthermore, ransomware is also commonly distributed via software cracks that can be found on unsecured downloading sources and p2p networks such as The Pirate Bay. Get all of your products and services only from reputable developers and originals websites, otherwise, you might easily end up with malware on your computer system.

Continuously, vulnerable RDP protection such as including a weak password or none security code at all might also allow crooks to hack the RDP remotely, brute force the password into the system, or just connect remotely without putting any big effort into the process. Make sure that you always use strong and reliable passwords that include not only letters or just numbers but both of them combined together and even some symbols added.

The termination process of Calum ransomware (Phobos variant)

Phobos seems to be including various versions of ransomware into its family line and Calum ransomware is one of them. If you ever encounter this malicious infection on your Windows computer system, you should not let it stay there for long as many damaging actions might be performed during then.

We always recommend using automatical software for succeeding in processes such as Calum ransomware removal as manual elimination might bring more damage to the infected system if completed wrong. First, scan the system with antivirus software such as SpyHunter 5Combo Cleaner or Malwarebytes.

After you remove Calum ransomware, you can try employing FortectIntego which might help you to repair the corrupted files that have been touched by the malware. Also, below you will find some data recovery methods that might be helpful if you are looking forward to recovering some locked files.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Calum virus. Follow these steps

Manual removal using Safe Mode

If the ransomware virus has initiated some malicious processes on your Windows computer system, you can try to disable the operations by booting your machine in Safe Mode with Networking:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):


After you are finished, reboot the PC in normal mode.

Remove Calum using System Restore

If you have been looking for ways to stop malicious tasks from running on your computer, you can try booting up via System Restore. To do that, follow these guidelines:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of Calum. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with FortectIntego and make sure that Calum removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Calum from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If your files are encrypted by Calum, you can use several methods to restore them:

Employ Data Recovery Pro for file restoring purposes.

Use this piece of software if you have been looking for a tool to unlock your data with. Even though there is no 100% guarantee that the program will work, it is definitely better trying this product than paying the big ransom.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Calum ransomware;
  • Restore them.

Use Windows Previous Versions feature for data recovery tasks.

Employ this type of feature to reverse some files back to their previous states. However, just ensure that you have activated System Restore in the past, otherwise, this tool might not work properly.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Try activating Shadow Explorer and restore some data.

If the ransomware infection did not permanently eliminate or damage the Shadow Volume Copies of your locked files, you can give this piece of software a try.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, cybersecurity experts are still working on the official Calum ransomware decryption tool.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Calum and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has got momentum in recent years and people are getting more and more interested in how to protect their privacy online. One of the basic means to add a layer of security – choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways how unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attack, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions