First detected in December 2018, Phobos ransomware is another cyber threat that primarily targets organizations. However, unlike other big-game cyber crime gangs, the malicious actors behind Phobos often target smaller companies with less means to pay large ransoms. Therefore, the average ransom demand from an attack averages less than attacks on larger companies.
The system takes advantage of insecure RDP (Remote Desktop Protocol) ports to infiltrate corporate networks, encrypt your data and demand a payment in Bitcoin for the ransom as we have said before. This way of operating is very similar to Dharma, the ransomware that generated headaches in 2018. They have replicated its encryption format and much of the code remains identical, so it could be implied that the people behind this rasomware are the same as the Dharma. It also shows a note advising of the hijacking and specifying the steps to follow to release the data.
How this threat called Phobos spreads
Like other cyberthreats, Phobos ransomware infects devices and potentially spreads throughout the network in these main ways:
▸Patch exploits and other software vulnerabilities
▸Unprotected remote desktop protocol (RDP) connections
▸As in most mlawares, phishing campaigns
▸Brute force remote desktop protocol credentials
Once Phobos ransomware enters your system, it fully encrypts standard size files. Its algorithm differs for large files, however it partially encodes only selected segments. This way, you save time and maximize damage at the same time. Most file formats are affected by ransomware, including popular extensions like. avi, .backup, .doc, .docx, .html, .jpg, .jpeg, .mkv, .mp3, .mp4, .pdf, .rar and .zip.
Of course, the first recommendation is to strengthen the security of the RDP ports to avoid any inconvenience. It seems that ransomware attacks will continue to be a topic of conversation this year, as it is warranted by the increase in online work and it is clear that hackers will continue to seek options to bypass our defenses.
Other related reads:
Capcom receives a Ransomware Attack
CryptoLocker – Unexpected Ransomware
[…] also:Phobos – A serious threat for working enterprisesCyberterrorism – Why should we care about […]