#StopRansomware: Phobos Ransomware – My information Resource (blog.mir.net)

This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this Joint Cybersecurity Advisory to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open-source reporting. Phobos is structured as a ransomware-as-a-service (RaaS) model. Since May 2019, Phobos ransomware incidents impacting state, local, tribal, and territorial (SLTT) governments have been regularly reported to the MS-ISAC. These incidents targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities to successfully ransom several million US dollars.

The FBI, CISA, and the MS-ISAC encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of Phobos ransomware and other ransomware incidents.