In an unusual twist, it’s not actually the ransomware itself that makes the newer forms of Phobos so frightening; it’s the people behind the attacks that will have you worried.
The Phobos family of ransomware has been around since late 2017 and has morphed into a few strains, always targeting larger organisations in hopes of taking home a bigger payout. It works to kill processes that may pose a threat, deletes Volume Shadow copies, disables Windows firewall, and even prevents systems from booting into recovery mode.
But that’s not the scary part.
The real frightening part of Phobos is how it’s distributed today. Sold in a Ransomware-as-a-Service business model, malware researchers have noted that those using Phobos today are not as organised and less professional than cybercriminal organisations that build and distribute their own ransomware.
What does this have to do with your organisation? Plenty. It usually means it may take longer to negotiate ransoms (should you choose to pay), and potential issues around the decryption of ransomed files and systems. Think about it: the person (or persons) responsible for the specific attack on your organisation have no control over the malware used as part of the attack; they need to go back to the organization they are using to retrieve decryption keys and instructions.
With email still being a primary attack vector, the need to trick users into clicking on malicious attachments and links is necessary. Users that undergo Security Awareness Training are better prepared to augment the organization’s security posture by identifying malicious emails for what they are and failing to engage with them to allow Phobos to install and begin wreaking havoc.
Free Ransomware Simulator Tool
How vulnerable is your network against ransomware attacks?
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 15 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.
Here’s how it works:
- 100% harmless simulation of real ransomware and cryptomining infections
- Does not use any of your own files
- Tests 16 types of infection scenarios
- Just download the install and run it
- Results in a few minutes!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW