Phobos Ransomware Emerges From The Dark Exploiting Weak Security

Phobos Ransomware: Active From Mid-December 2018 To Date

In December 2018, security analysts at Coveware discovered new variants of the infamous file-encrypting virus dubbed Phobos Ransomware. The name comes from Greek mythology, in which Phobos was the god of fear, brother of Deimos, the god of terror, and son of Ares. After in-depth analysis of its samples, researchers reported that the gang behind this ransomware combines two successful and well-known ransomware variants, Dharma and CrySiS, to target businesses across the globe. This ransom virus mainly emerged from the dark web.

Know How Phobos Ransomware Is Similar To Dharma & CrySiS

Phobos Ransomware first emerged in October 2017, and after in-depth analysis of its samples, researchers at Coveware found many similarities between this ransom virus and Dharma and CrySiS Ransomware. Like Dharma Ransomware, Phobos Ransomware exploits open or poorly secured Remote Desktop Protocol (RDP) ports to get inside the network and execute its attack.

After infecting a user's machine, it encrypts files using an advanced encryption algorithm and then demands a ransom in exchange for the files. The ransom note of Phobos Ransomware is exactly the same as the one used by Dharma Ransomware, with the same text and interface. As for the similarities between Phobos Ransomware and CrySiS Ransomware, both share the same anti-virus detection module.

Ransom note of Phobos Ransomware

Points That Make Phobos Ransomware Different From Other Ransomware

The only thing that makes Phobos Ransomware different from CrySiS and Dharma Ransomware is its file extension. Phobos Ransomware renames targeted files with the .phobos file extension, whereas Dharma and CrySiS Ransomware use the .dharma and .crysis file extensions respectively. In short, files encrypted with the .phobos file extension are a clear indication that your PC is contaminated with Phobos Ransomware.

Quick Analysis View On Phobos Ransomware

Name of Threat: Phobos Ransomware
Category: Ransomware
Risk Impact: High
Discovered on: October 21, 2017 and reappeared in December 2018
Identified As: Combination of Dharma & CrySiS Ransomware
Encipher Used: AES
File Extension: .phobos
Primary Aim: Locks user files, makes them inaccessible and drops a ransom note asking users to pay a ransom fee.
Is file decryption possible?: Yes

Tips To Protect Your PC Against Phobos Ransomware Infection

  1. Secure your Remote Desktop Protocol ports.
  2. Back up your data on a regular basis.
  3. Always use strong and unique passwords for your accounts.
  4. Be sure that your system software and installed applications are up to date.
  5. Restrict access using the firewall settings.
  6. Always enable Network Level Authentication.
  7. Personalize your anti-spam settings.
  8. Think twice or thrice before clicking on any link.
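
Tips 1, 5 and 6 can be checked on a Windows host with the short audit below. It is an added example, not part of the original article; the function name Test-RdpExposure and the wording of its findings are assumptions made for illustration, while the registry values and firewall cmdlets are the standard Windows ones.

```powershell
# Added example: audit this host's RDP exposure. Run in an elevated PowerShell session.
function Test-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $findings = [System.Collections.Generic.List[string]]::new()

    # fDenyTSConnections = 0 means the host accepts Remote Desktop connections.
    if ((Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -ne 0) {
        return 'RDP is disabled on this host.'
    }

    # UserAuthentication = 1 means Network Level Authentication is required (tip 6).
    $nla = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    if ($nla -ne 1) { $findings.Add('NLA is not required for RDP connections.') }

    # The port the RDP listener uses; 3389 is the default.
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound allow rules that open that TCP port (tips 1 and 5).
    $rules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    foreach ($rule in $rules) {
        # A remote address of 'Any' means the rule is not scoped to trusted networks.
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        if ($remote -contains 'Any') {
            $findings.Add("Firewall rule '$($rule.DisplayName)' allows TCP $port from any address.")
        }
    }

    if ($findings.Count -eq 0) { return "RDP on TCP $port requires NLA and is scoped by the firewall." }
    return $findings
}

Test-RdpExposure
```

The audit reads only the local registry and Windows Firewall; exposure through a perimeter device or cloud security group has to be reviewed separately.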
