New Phobos ransomware exploits weak security to hit targets around the world

[M.Poorya]

Quote

 

Ransomware strain has many similarities with one of the most damaging ransomware families.

A prolific cybercrime gang behind a series of ransomware attacks is distributing a new form of the file-encrypting malware which combines two well known and successful variants in a series of attacks against businesses around the world.

Dubbed Phobos by its creators, the ransomware first emerged in December and researchers at CoveWarehave detailed how it shares a number of similarities with Dharma ransomware.

Like Dharma, Phobos exploits open or poorly secured RDP ports to sneak inside networks and execute a ransomware attack, encrypting files and demands a ransom to be paid in bitcoin for returning the files, which in this case are locked with a .phobos extension.
The demand is made in a ransom note – and aside from 'Phobos' logos being added to the ransom note, it's exactly the same as the note used by Dharma, with the same typeface and text use throughout.
...
...
However, Phobos also contains elements of CrySiS ransomware – also related to Dharma - with anti-virus software detecting Phobos as CrySiS. The ransomware's file markers also differentiate it from Dharma – however, the attack methods and threat remains the same.

https://www.zdnet.com/article/new-phobos...the-world/