CISA Advisory

Phobos Ransomware Tactics and Mitigations

AA24-060A • Published February 29, 2024

Severity: high

Phobos is ransomware that criminals rent to attack small businesses. They usually break in through poorly secured remote desktop connections. If your business uses remote desktop, make sure it requires strong passwords and two-factor authentication.

Overview

Advisory detailing Phobos ransomware variants and their affiliate tactics. Phobos operates as ransomware-as-a-service and commonly targets small and medium businesses through exposed RDP services.

Who Is At Risk

  • Small and medium businesses
  • Organizations with exposed RDP
  • Government agencies
  • Healthcare providers
  • Educational institutions

Affected Products

Windows Remote Desktop, Open RDP ports

Immediate Actions

  1. Disable RDP if not needed
  2. Require VPN for all remote access
  3. Enforce account lockout policies
  4. Deploy EDR solutions
  5. Test backup restoration procedures
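The following PowerShell audit is an added example, not part of the CISA advisory: it checks a single Windows host for the RDP-related items above (RDP enabled, Network Level Authentication, firewall scope, account lockout threshold) and reports what still needs attention. It assumes an elevated local session and the stock Windows firewall and registry locations; the wording of each finding is the author's own.

```powershell
# Added example (not from the CISA advisory): audit a Windows host for the
# RDP mitigations listed above. Run in an elevated PowerShell session on the
# host itself. Assumption: default registry/firewall locations are in use.

$findings = @()

# 1. Is RDP enabled? fDenyTSConnections = 1 means incoming connections are denied.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections
if ($ts.fDenyTSConnections -eq 0) {
    $findings += 'RDP is enabled; disable it if this host does not need remote desktop.'
}

# 2. Is Network Level Authentication required? UserAuthentication = 1 enforces NLA.
$nla = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication
if ($nla.UserAuthentication -ne 1) {
    $findings += 'RDP does not require Network Level Authentication.'
}

# 3. Do enabled inbound firewall rules in the "Remote Desktop" group accept any remote address?
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
foreach ($rule in $rdpRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        $findings += "Firewall rule '$($rule.DisplayName)' allows inbound RDP from any address; restrict it to the VPN subnet."
    }
}

# 4. Account lockout policy: 'net accounts' prints "Lockout threshold: Never" when none is set.
$lockoutLine = net accounts | Where-Object { $_ -match 'Lockout threshold' }
if ($lockoutLine -match 'Never') {
    $findings += 'No account lockout threshold is set; repeated failed RDP logons will not be throttled.'
}

if ($findings.Count -eq 0) {
    Write-Output "No RDP exposure findings on $env:COMPUTERNAME."
} else {
    Write-Output "RDP exposure findings on $env:COMPUTERNAME:"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Run it on each host that is reachable from outside the VPN; a clean result here still leaves the backup-restoration test (item 5) to be done separately.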

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
