Banta Ransomware

The Banta ransomware is part of the Phobos ransomware family, which has been responsible for numerous attacks over the years. Banta was developed in .NET language and uses AES encryption.

Banta acts as a Trojan horse to break into the victim’s system, the file is downloaded via email, pirate download sites and others.

The file apparently looks normal, but the ransomware is hidden in it, and once it is downloaded, the ransomware installs itself and starts disabling programs that could interrupt the encryption process.

The ransomware can target Databases, Servers, Storages, Virtual Machines, RAID systems, these are the main targets of the group.

Through encryption access to data is blocked preventing the opening of files, the extension .banta is added to all affected files.

After the encryption is completed, a file is created and fixed on the desktop, where the victim’s information is recorded so that he/she can contact the criminals to pay the ransom.

The payment is made through cryptocurrencies, because they are practically untraceable. The e-mails used by the group are “ and”.

Recover Files Encrypted by Banta Ransomware

Digital Recovery has been in the recovery market for over 23 years, developing unique technologies to recover files encrypted by ransomware.

Recovery can be performed on Databases, Servers, RAID Systems, Storage, Virtual Machines, and other devices. Our processes are customized, and can be adapted to any ransomware extension that made the attack.

We are used to working on highly complex cases, and the entire process is highly confidential, guaranteed by the confidentiality agreement (NDA).

We can recover data remotely, contact us and start the recovery process right now.

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

AtomSilo Ransomware

Ransomware AtomSilo

The AtomSilo ransomware emerged in September 2021, the group acts a little differently than other ransomware groups, the ransom amount is fixed, $1 million is

Khonsari Ransomware

Khonsari Ransomware

The Khonsari ransomware was the first group to exploit known Apache Log4j vulnerabilities (CVE-2021-44228 and CVE-2021-45046), the group has focused its attacks on Windows servers that


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.