A new Phobos Ransomware virus comes from a well-known “family” of ransomware viruses. So, it is no surprise that it shares a lot of similarities with them. Recently, a well-known gang of cybercriminals, which is behind a series of attacks on computers and networks, created a new kind of Ransomware virus. That virus has a new form. That form consists of a combination of two successful ways of attacks that are giving a serious number of headaches throughout the world.
Its creators called it Phobos. It was introduced back in December 2018. The researchers from a CoveWare have done some researching and presented us with the similarities that are shared with Dharma ransomware, a previous virus from this “family”. This family is well-known for its method, and several times, they gave some serious blows to their victims. Some of the organizations suffered huge damage. If you want to read more about this virus in greater detail, click here.
Phobos has a similar modus operandi as Dharma had. The virus looks to exploit an RDP port that has poor security, or the ones that are open, more exact, that have not security at all. The virus will avoid all the security you have, enter your system, encrypt the files, and ask for a ransom, that should be paid in bitcoins. It is interesting to say that files are locked in that situation, and have .phobos extension. Pretty interesting if you ask us.
Virus`s demand for bitcoin would be presented on a note. Yes, a note. The note would consist of a Phobos logo and the text of the demand. Dharma worked similarly, not exactly, but close enough. It had similar text, which was described by researchers as a copy-paste version of Dharma. Other than that, Phobos consists of certain elements that can be found in CrySiS ransomware, which is some kind of a “cousin” of Dharma.
One more interesting thing to know that anti-virus software is recognizing Phobos as CrySiS. The attack method is the same, but the file markers are somewhat different. As we said, the similarity of attacks is not accidental, because Phobos is created by the same people that created Dharma. Recently, Phobos has been used as some kind of another policy, or better, a second option for the gang, if Dharma fails in entering the victim`s system. It is clear that the methods are the same, but communications and exploit methods are somewhat different.
Organizations can do something to prevent this kind of attack. In order for them not to become a victim of ransomware attacks, they should get proper security for their RDP ports and regularly do a back up of their data in order to preserve them. So, if the attacks were a success them could use their data freely, without answering to the demands of this virus. On several lists of computer viruses, ransomware computer viruses are ranked high. Of course, by the damage that they can do to their targets.