As Phobos ransomware marks its two-year birthday this month, experts take a detailed look at it and offer suggestions on how to avoid infection.
Rather than use this article to cover a story of the mass encryption of some enterprise somewhere, I wanted to stop and take a moment to simply look at some new detail provided by the security researchers over at cybersecurity software vendor Heimdal, who recently covered Phobos ransomware in detail.
One of the most notable characteristics of the cybercriminal org behind Phobos is that they’ve decided to focus on smaller enterprises (read: the mid-market and smaller) – likely because everyone else is focused on the multi-million-dollar ransoms collected from large enterprises. According to Heimdal, the average ransom demanded as part of an attack on smaller enterprises is $18,755. That’s pretty small in the world of ransomware, but it seems appropriate given that smaller businesses aren’t exactly flush with cash.
Heimdal makes a few recommendations on how to avoid becoming the next Phobos victim. These include:
- Patching – Phobos can spread through software vulnerabilities. Keep your systems, applications, and browsers up to date.
- Backups – Have both online and offline backups so that you can recover any encrypted data and systems.
- Education – Users should undergo Security Awareness Training to be able to “recognize suspicious links, malicious attachment, counterfeit branding, and other components of malspam.”