CISA alert: Phobos ransomware targeting state, local governments. Be vigilant.

TLDR:

CISA has issued a warning about the Phobos ransomware targeting state and local government organizations.
The ransomware-as-a-service provider has been increasing attacks on municipal and county governments, healthcare systems, and other critical infrastructure since 2019.

The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory warning state and local government organizations about the threat of Phobos ransomware. Phobos, a ransomware-as-a-service provider, has been targeting IT systems of various public sector entities, including municipal and county governments, emergency services, education institutions, and healthcare systems. Ransomware-as-a-service allows individuals with minimal technical expertise to launch ransomware attacks using pre-developed tools.

Since 2019, the frequency of ransomware-as-a-service cyberattacks across the public sector has been increasing. Phobos ransomware, while considered “pretty standard” in its operations, has successfully extracted several million U.S. dollars in ransom payments from victims. The average ransomware payment for Phobos incidents is around $38,100 according to a 2021 report by the U.S. Department of Health & Human Services.

The CISA advisory highlights that Phobos ransomware primarily uses phishing and gaining direct access through the Remote Desktop Protocol to gain system access. Phishing campaigns, like those utilized by Phobos, are effective due to exploiting human weaknesses. To combat these tactics, experts suggest the use of generative artificial intelligence for both offense and defense in cybersecurity measures.

Once Phobos gains access to a system, it installs itself in key locations and targets user files and network shares for encryption. Victims are then demanded ransom in exchange for a decryption key, as no Phobos decryptor is publicly available. CISA recommends securing Remote Desktop Protocol, using strong passwords and account lockout policies, implementing multi-factor authentication, using virtual private networks, and regularly updating software to prevent ransomware attacks.

Post Views: 98

Latest from Blog

Beware: UNC2970 Hackers Weapons in Job Seekers’ PDFs

TLDR: UNC2970 hackers are targeting job seekers with weaponized PDF files. They use sophisticated phishing tactics to deliver malware to victims. In a recent report, cybersecurity analysts at Google Mandiant have identified

Cyber insurance changes shape of security for good and bad

TLDR: Key Points: Cyber-insurance landscape is shifting to encourage greater cyber resiliency Rising costs of cyberattacks are prompting insurers to re-examine underwriting How Cyber-Insurance Shifts Affect the Security Landscape The article discusses