The Phobos ransomware family is a notorious group of malicious software designed to encrypt files on a victim’s computer. It emerged in 2019 and has since been involved in numerous cyber attacks.
This ransomware typically appends encrypted files with a unique extension and demands a ransom payment in cryptocurrency for the decryption key. FortiGuard Labs has captured and reported on several ransomware variants from the Phobos family, including EKING and 8Base. Recently, FortiGuard Labs uncovered an Office document containing a VBA script aimed at propagating the FAUST ransomware, another variant of Phobos. The attackers utilized the Gitea service to store several files encoded in Base64, each carrying a malicious binary.