Ransomware Group

Phobos

Also known as: Phobos Ransomware

Status: active • First seen 2018-12 • 2,000+ known victims

Phobos has been around for years and specializes in attacking small businesses. They find computers with remote desktop exposed to the internet and guess passwords until they get in.

Overview

Phobos is one of the longest-running ransomware families, primarily targeting small and medium-sized businesses through RDP brute force attacks. It evolved from the Dharma/CrySis lineage.

Target Industries

SMB, Healthcare, Education, Professional Services

How They Attack

  • RDP brute force
  • SMB targeting
  • Low ransom demands
  • Dharma lineage

Notable Victims

Small businesses worldwide (ongoing), Local healthcare providers

How to Protect Against Phobos

  1. Never expose RDP to the internet

  2. Use strong passwords and account lockout policies

  3. Implement affordable SMB security basics

MITRE ATT&CK Techniques

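  • T1110 (Brute Force)
  • T1021.001 (Remote Services: Remote Desktop Protocol)
  • T1486 (Data Encrypted for Impact)
  • T1078 (Valid Accounts)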

Related Groups

Dharma
