"Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks"

US government agencies recently warned organizations of ongoing Phobos ransomware attacks targeting government, education, emergency services, healthcare, and other critical infrastructure sectors.  Active since May 2019, Phobos operates under the ransomware-as-a-service (RaaS) business model and has successfully extorted several millions of dollars from victim organizations.  CISA, the FBI, and MS-ISAC, in a joint advisory, say that based on similar tactics, techniques, and procedures (TTPs), Phobos is linked to ransomware variants such as Backmydata, Devos, Eight, Elking, and Faust and has been deployed in conjunction with tools popular among cybercriminals, including Bloodhound, Cobalt Strike, and SmokeLoader.  You can read more about the joint advisory by clicking the link below. 

SecurityWeek reports: "Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks"