You Should Be Scared of the Latest Strains of Phobos Ransomware



ransomware-screen-skull-1In an unusual twist, it’s not actually the ransomware itself that makes the newer forms of Phobos so frightening; it’s the people behind the attacks that will have you worried.

The Phobos family of ransomware has been around since late 2017 and has morphed into a few strains, always targeting larger organizations in hopes of taking home a bigger payout. It works to kill processes that may pose a threat, deletes Volume Shadow copies, disables Windows firewall, and even prevents systems from booting into recovery mode.

But that’s not the scary part.

The real frightening part of Phobos is how it’s distributed today. Sold in a Ransomware-as-a-Service business model, malware researchers have noted that those using Phobos today are not as organized and less professional than cybercriminal organizations that build and distribute their own ransomware.

What does this have to do with your organization? Plenty. It usually means it may take longer to negotiate ransoms (should you choose to pay), and potential issues around the decryption of ransomed files and systems. Think about it: the person (or persons) responsible for the specific attack on your organization have no control over the malware used as part of the attack; they need to go back to the organization they are using to retrieve decryption keys and instructions.

With email still being a primary attack vector, the need to trick users into clicking on malicious attachments and links is necessary. Users that undergo Security Awareness Training are better prepared to augment the organization’s security posture by identifying malicious emails for what they are and failing to engage with them to allow Phobos to install and begin wreaking havoc.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

RansIm-Monitor3Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the install and run it 
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews