In-Depth Analysis of Phobos Ransomware

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

Phobos ransomware, active since 2018, primarily targets small to medium-sized businesses with lower ransom demands. It uses compromised RDP connections, is distributed via a Ransomware as a Service model, and has recently adopted DLL sideloading for stealthy attacks.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.