Ransomware
Phobos
First seen: 2018-12 • Status: active
Currently Active Threat
Phobos attacks small businesses by breaking in through remote desktop. It has been around for years and keeps making money from SMBs.
Overview
Phobos is a persistent ransomware family that primarily targets small and medium businesses through RDP exploitation.
Also Known As
Phobos Ransomware
How It Spreads
- • RDP brute force
- • Phishing
- • Exposed RDP
What It Does
- • File encryption
- • Targets SMBs
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor RDP access
- • Watch for Phobos file extensions
MITRE ATT&CK Techniques
T1486, T1110, T1021
If You're Infected
- 1.
Secure or disable RDP
- 2.
Use VPN for remote access
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required